THE FACTS ABOUT PHISHING

Cybersecurity Awareness Month - Newsletter 1

Deceptive emails are a threat in the workplace and at home

What would you do if a suspicious stranger came up to you and asked you some personal questions or requested your help on something? You’d probably sense something wasn't right and either walk away quickly or call for help.

But what if the stranger approached you through email? You might feel it’s safe to click on a link in the email or open an attached file — but it’s a trap.

Every day, cyber criminals use malicious emails to try to scam individuals and organizations — a type of attack known as “phishing.” Interacting with a phishing email carries serious risks for you, your employer, even your family and friends. Fortunately, everyone can learn tactics for recognizing and avoiding these attacks.

What Is Phishing?

In a phishing attack, cyber criminals use deceptive emails to “fish for” information and lure people into falling for scams. These emails are carefully designed to trick you into revealing financial information, login credentials, or other sensitive data. Or, they may secretly install dangerous software (malware) that compromises your computer and the files on it.

Phishing emails typically pressure you to act quickly, without thinking. They play upon strong emotions — such as curiosity, fear, or greed. These psychological manipulation tactics are sometimes known as “social engineering.”

Phishing emails also use a variety of technical tricks to steal information:

  • Malicious web links – You’re asked to click on a link that takes you to an imposter website or to a site infected with malware.
  • Malicious attachments – You’re urged to open an unexpected attachment that contains malware.
  • Fraudulent data-entry forms – You’re prompted to fill in sensitive information like user IDs, passwords, credit card data, and phone numbers.

Is Phishing Really My Problem?

Many companies have suffered serious data breaches that exposed everything from business secrets to the confidential data of millions of people. These data breaches often start by tricking one person with a phishing email, giving criminals a foot in the door.

Phishing can affect your personal life, too. Whether at home or at work, falling for a phishing email can have serious, long-term consequences.

Between 30% and 40% of working adults around the globe are unable to identify the definition of phishing in a multiple-choice array. This shows a disconnect between the language spoken by information security teams and the language understood by users.

The following video, “Phishing Emails in Real Life” from The Defence Works, teaches users about phishing in a humorous way.

The Consequences of Falling for a Phish

At work:

  • Loss of corporate funds
  • Exposed personal information of customers and coworkers
  • Outsiders accessing confidential communications, files, and systems
  • Files becoming locked and inaccessible
  • Damage to employer’s reputation

In your personal life:

  • Money stolen from your bank account
  • Fraudulent charges on credit cards
  • Tax returns filed in your name
  • Loans and mortgages opened in your name
  • Lost access to photos, videos, and files
  • Fake social media posts made in your accounts

What Can I Do?

Develop your anti-phishing skills. Reading the Cybersecurity Newsletters released by ICT is a great way to practice identifying the warning signs of a phish.

Look for opportunities to learn more about phishing. Countless resources are available that cover phishing and other security issues in more detail. The Canadian Centre for Cyber Security is a great place to start!

Report suspicious email. Report any suspicious email you come across to reportspam@wlu.ca, and forward the message that you are concerned about.

TIPS FOR FAMILY AND FRIENDS

Share what you’ve learned about phishing and ask family and friends about their cybersecurity knowledge or experiences.

  1. Think before you click – You shouldn’t automatically trust any email message, especially if it sounds frightening or too good to be true. Familiar logos, senders’ names, and personal information are often faked by scammers.
  2. Be wary of unexpected requests for personal information – Never send account numbers, PINs, or login credentials through email — even if the request sounds urgent.
  3. Verify attachments before opening or downloading – Even if an email seems to come from a company or person you trust, don’t open an unexpected attachment. To make sure the file is legitimate, contact the company or individual directly through its website or use a known, verified phone number.

Credits:

Information in this newsletter is credited to Government of Canada, CIBC, TrendMicro and DataEconomy.