Cyber Tips

Phishing Attempts

It would be helpful if emails or text messages from threat actors came with a flashing red flag. Unfortunately, phishing attempts are better crafted than we'd like to believe. Cyber threat actors are well versed in manipulation and well-crafted techniques to fool unsuspecting users. When a user falls for a phishing message, the attacker achieves their purpose.

Phishing messages can appear in a variety of formats to collect personal information, steal account credentials, or install malware on a user’s device. Here are ways to detect and hopefully thwart this pathway for cybercriminals.

Here are some rules to use to protect yourself from becoming a victim of a phish:

Rule #1: If an offer or deal is too good to be true, it probably is.

Rule #2: Hover over the link to confirm its true origin.

Rule #3: Look for misspellings. If company names are close to the correct spelling, you may not initially notice incorrect spelling.

Rule #4: Type the correct URL in the address bar yourself to ensure you are going to the legitimate site.

Rule #5: Look for misspellings in URLs. Some scammers use slight misspellings or letter substitutions in web addresses so that it is not easily noticed (e.g., 1egitimatebank.com instead of legitimatebank.com).

Rule #6: Never respond to an email with sensitive personal information (birthdate, Social Security Number, etc.). There are always more secure methods that legitimate companies will use to get this information.

Rule #7: Be wary of any message that is urging you to take immediate action.

Source: The information provided in the MS-ISAC Monthly Cybersecurity Tips Newsletter is intended to increase the security awareness.

Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

Additional sources of information:

The Federal Trade Commission is the United States entity that collects scam reports and can offer assistance in the event of an attack. If you think you’ve been a victim of a phishing attack or have clicked on a link that may be malicious, you can report a phishing attempt online at https://www.usa.gov/stop-scams-frauds or by placing a call to 1-877-382-4357.

You can educate yourself about phishing attempts in all their varieties. This includes spear phishing, which is a more targeted form of phishing. Learn about this type of attack by downloading our MS-ISAC Security Primer on the topic: https://www.cisecurity.org/insights/white-papers/ms-isac-security-primer-spear-phishing

Indiana Cybersecurity Hub website: https://www.in.gov/cybersecurity/