Phishing:

Phishing is the most common form of social engineering attack.

Phishing occurs when a threat actor impersonates a trusted entity through email to try and fraudulently obtain personal information, financial information or access to systems. The email prompts the targeted individual to act. The action could be to click on a link, provide information, open an attachment, download a file, or provide remote access to a workstation. This action provides the threat actor with information or access to a system.

Phishing uses email to solicit your information by posing as a trustworthy person or entity. For example, the threat actor may send emails disguised as your boss or a financial institution requesting your account information.

The threat actor will use this information to gain access to your online accounts. Once the threat actor has access to your accounts, they may use this access to carry out a larger cyber attack.

How to spot a phishing attack

There are ways to detect these types of attack. Here are some common indicators:

• The communication is from an unknown user, organization, or domain name.

• The communication seemingly comes from someone within an organization, but with a non-organizational domain name. For example, your director is emailing you from an @gmail account.

• The correspondence expresses an unusual level of urgency.

• The content contains errors such as misspelled names, misused organizational terms or titles, or misrepresented or misplaced logos.

• The communication is unsolicited and asks you to do something.

• The tone, content or wording is inconsistent with what would be expected.

• The email has attachments with unusual file names or links with an unusual URL. Roll over: Uniform Resource Locator – commonly referred to as a web address, a URL is the specific location of a networked piece of technology on a network, such as a computer, router, or database.

• The offer seems too good to be true.

• The request is driven by a motivation such as financial benefit or another benefit.

You should always be vigilant and watch for these indicators. However just because a communication has one of these indicators doesn’t mean that it is an attack.

If you are suspicious, confirm the request with the sender prior to taking any action requested in the message. If you don’t recognize the sender or their email address doesn’t match their name, report the message.

What to do if you receive a suspected phishing email

Follow the steps for responding to a social engineering attack.
Additionally, follow your organization’s protocol for reporting phishing attacks.

What to do if you fall victim to a phishing email

If you think that you may have been the victim of phishing, follow these steps in this section: