The Office of Information Security is hosting a series of Cybersecurity Awareness Month events, including webinars like Staying Ahead of Phishing. Bruce Waterbury, OIS Consulting and Education Manager, facilitated the October 9 webinar attended by community members from across the university.  

Staying Ahead of Phishing introduced trends in phishing attacks and methods of protection. If you missed it or want a refresher, watch the recording or view the slides and read these takeaways.

1. Phishing takes many forms. 

There are many kinds of phishing techniques, including social engineering, spoofing, link manipulation, and email filter evasion. Understanding each technique helps you identify a phishing email that lands in your inbox.

  • Social engineering uses human interaction to gain information that can then be used to access protected accounts.  
  • Spoofing uses a disguised email address, name, phone number, or URL to make a message sent to you appear legitimate.
  • Link manipulation uses hyperlinked text, hidden forms, pop-ups, or link redirects to send you to a malicious URL.
  • Email filter evasion may use legitimate email addresses from verified senders or configure the text and underlying HTML and CSS in ways that avoid filter detection. 

2. Protecting yourself helps protect others, too. 

“A compromised account via phishing leads to lateral movement opportunities and often data breach,” so it’s imperative that every community member protects their accounts and immediately reports any suspected phishing attempts.

3. Mistakes happen. Know what to do when they do. 

If you have fallen for a scam, review FAQ: Reporting Scams and Identity Theft to learn who to contact and what actions to take to protect your devices, accounts, and identity. 

4. You’re not in it alone.  

Northeastern protects the university community from phishing through services like Duo for multi-factor authentication and Microsoft Advanced Threat Protection, and through security policies like continuously monitoring for malicious activity and imposing email security requirements.

Cybersecurity Awareness Month was started by the National Cybersecurity Alliance and the U.S. Department of Homeland Security (DHS) in 2004. Since Cybersecurity Awareness Month started, institutions like Northeastern have joined in efforts to promote awareness of cybersecurity threats and protection.

Events and activities to enhance the university community’s cybersecurity knowledge are ongoing throughout October. For more information on the events and how you can get involved, visit the Cybersecurity Awareness Month page.