Phishing & Security hub

Recent Phishing Attempts

What is Phishing?

Phishing (pronounced: fishing) is the practice of tricking Internet users (through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly

Attacks will often be tailored in some way to take advantage of the situation:

• • Current Events (Covid, Olympics, and Elections)

  • Time of the Year (Christmas, Easter, and Memorial Day)

  • Business Structure (Pretending to be email from your boss or coworker)

  • Emotions (Charities, Lawsuits, or Family)

Different Types of Phishing:

• • Email Phishing- Most common attack where the attacker pretends to be someone in a attempt to trick the user into giving over information, money, or something of value to the attacker.

  • Spear Phishing- A more targeted attack where the attacker will tailor the phishing attempt to the user via publicly gathered information (job, family, socioeconomic status, ext.) in a attempt to get the user to fall for the phishing attempt.

  • Whaling- A phishing attempt used for higher level staff, the attacker will gather publicly available information on the user in combination of previously acquired information (a hacked low level account, backdoor into their system, frustrated secretaries email) to gain high level information in the organization.

  • Smishing- Phishing attempt involving texting 

  • Angler Phishing- Phishing attempt involving fake social media accounts pretending to be real ones to gather information from users

Why it Matters

• Your personal data

  • A simple leak of data from you can give a hacker just enough information to find out everything about you, your family, friends, social security number,  everything

  • Even a coworker giving data can damage you as the hacker can use that info to get into a company system and find out everything the company has stored on you

  • With leaked information, your identity can be stolen as well as other personal data

• Money

  • With stolen personal information credit cards on file in business can be stolen

  • That same information can also be used to open new cards in your name, potentially ruining credit scores

I fell for a phishing scam, now what?

• 1. Report your believed breach to IT

  2. Change all relevant passwords

  3. If a debit/credit card was involved, watch your bank account

     • If the account was breached, call your bank, have your card canceled, and request that the charges be canceled

  4. Watch for abnormal behavior in all connected technology

  5. Update devises and install any additional security features you may be dragging your feet on such as Multi-Factor Authentication (MFA)

Further Training & Resources

• https://www.cisa.gov/sites/default/files/2023-08/Secure-Our-World-Phishing-Tip-Sheet.pdf

• https://public.cyber.mil/training/phishing-awareness/