October is Cybersecurity Awareness Month, which presents a great opportunity to highlight some important security practices that you can employ in both your professional capacity and personal life. Throughout this month, the CNYRIC will be shining the spotlight on a variety of cybersecurity awareness topics, in the pursuit of stronger everyday practices that will help you make smarter, safer decisions when online.
That's Bait
You've likely heard the term before. "Phishing" has become pretty common in today's lexicon, and it's not exclusively the domain of those in tech. In short, phishing refers to the attempt by bad actors to get access to your personal information by compelling you to click on on a innocent looking link, or opening a seemingly normal attachment. These messages will likely appear legitimate at first glance; an email from your organization if using your work account, or a message from what appears to be a trusted friend or family member if it's a personal account. But if you "take the bait," you could be in for a world of trouble.
Thankfully, our friends at the Cybersecurity & Infrastructure and Security Agency (CISA) have put together some helpful tips to cut the line when bad actors are phishing. Let's take a look:
(Please click on image above to watch video)
Recognize
Phishing attempts will often have common denominators in terms of verbiage. They can often use language promising dire consequences for failing to act on a "problem" soon, or be more overt by asking outright for you to include something critical like banking information if contacting you about something you've been "chosen" as the winner of. When considering the fact that these might come from what appears to be a trusted source, you can see how the emotional appeal might compel honest folks to act.
Pro Tip: You can always hover over any included links to see if something looks "off" about them, or if there are any nonsensical strings of characters where you might expect to see a reputable name or service.
Resist
If you get an email containing any of the warning signs above, resist the urge to act right away. Instead, consider carefully the language that the email uses. Always remember to hover over those links to see where they're trying to take you, but do not click on them if you're sure!
Delete
If you're not certain that it's a legitimate email, request, link, or attachment, you're better off deleting the email outright if you're on your personal account. If on your work account, you should report the email to your information technology team, and then delete it. Most major reputable email clients will allow you to flag/report suspicious emails as phishing attempts too, so don't be shy about taking that extra step to help raise the level of community awareness and protection if using your personal account.
Remember: If something looks suspicious, or seems too good to be true, you should always trust your gut. Don't click on those links, don't open those attachments, and don't forget to report!
Even More Cybersecurity Awareness Month!
Cybersecurity Awareness Month Week 1: Creating Strong Passwords
Cybersecurity Awareness Month Week 2: Using Multi-factor Authentication
That's Bait
You've likely heard the term before. "Phishing" has become pretty common in today's lexicon, and it's not exclusively the domain of those in tech. In short, phishing refers to the attempt by bad actors to get access to your personal information by compelling you to click on on a innocent looking link, or opening a seemingly normal attachment. These messages will likely appear legitimate at first glance; an email from your organization if using your work account, or a message from what appears to be a trusted friend or family member if it's a personal account. But if you "take the bait," you could be in for a world of trouble.
Thankfully, our friends at the Cybersecurity & Infrastructure and Security Agency (CISA) have put together some helpful tips to cut the line when bad actors are phishing. Let's take a look:
(Please click on image above to watch video)
Recognize
Phishing attempts will often have common denominators in terms of verbiage. They can often use language promising dire consequences for failing to act on a "problem" soon, or be more overt by asking outright for you to include something critical like banking information if contacting you about something you've been "chosen" as the winner of. When considering the fact that these might come from what appears to be a trusted source, you can see how the emotional appeal might compel honest folks to act.
Pro Tip: You can always hover over any included links to see if something looks "off" about them, or if there are any nonsensical strings of characters where you might expect to see a reputable name or service.
Resist
If you get an email containing any of the warning signs above, resist the urge to act right away. Instead, consider carefully the language that the email uses. Always remember to hover over those links to see where they're trying to take you, but do not click on them if you're sure!
Delete
If you're not certain that it's a legitimate email, request, link, or attachment, you're better off deleting the email outright if you're on your personal account. If on your work account, you should report the email to your information technology team, and then delete it. Most major reputable email clients will allow you to flag/report suspicious emails as phishing attempts too, so don't be shy about taking that extra step to help raise the level of community awareness and protection if using your personal account.
Remember: If something looks suspicious, or seems too good to be true, you should always trust your gut. Don't click on those links, don't open those attachments, and don't forget to report!
Even More Cybersecurity Awareness Month!
Cybersecurity Awareness Month Week 1: Creating Strong Passwords
Cybersecurity Awareness Month Week 2: Using Multi-factor Authentication