As phishing attacks grow in sophistication, so does the importance of elevating organizational awareness of these advanced security threats.
Phishing is an email cyberattack (or ‘smishing’, for text-message based attempts, and ‘vishing’, for voice attempts) that preys on our human behavior, using social engineering, to get you to click a link or download an attachment. Typically, the content of the phish is disguised as a trusted sender but is designed to get you reveal private information.
- Notice that Microsoft is misspelled as Micrasoft
- Northeastern no longer references NEU nomenclature
- To learn more about a call to action or link without engaging with the content, simply hover over the link and a small text box will appear that reveals the full URL. By closely inspecting links and calls to action before engaging, you can verify the legitimacy of the destination.
- If you’re unsure of the full content of your email, you can always switch to plain text mode. By doing so, the details of all links will be revealed.
Figure 1 Phishing Exercise example: note the ‘clues’ indicating this is a phishing attempt
The good news is that human behavior and social engineering can also be used to defeat such phishing attempts. Data suggests that, by providing consistent training and presenting realistic phishing examples, phishing attacks can be reduced by up to 90%.
One tool used to help users better understand these threats and reduce attacks is simulated phishing exercises. By presenting augmented emails with corresponding teachable moments, phishing exercises, like the one shared with Northeastern faculty and staff recently, allow users to improve detection and reporting skills. In addition, on demand Security Essentials training is offered to all Northeastern community members, along with helpful tips on Malware and Phishing Prevention.
As reminder, here are a few quick steps to take if you receive an email you suspect may be a phishing attempt:
- Use the Report button in Outlook to let Northeastern know about a suspect message or forward the email to firstname.lastname@example.org.
- Contact the IT Service Desk (617.373.HELP ) or open a live chat.