Keep a Watchful Eye Out for Phishing Expeditions
The Information Technology Directorate always emphasizes vigilance online, whether you’re doing research for work or surfing the net at home. During October, which is Cybersecurity Awareness Month, IT is going further into the hows and whys of safeguarding your information on the web.
Each week during October, IT will send an email newsletter to the workforce that goes deeper into a cybersecurity-related topic. The Exchange Post will also publish weekly stories about these topics.
This week’s topic is phishing, which is when bad actors use fake emails, social media posts or direct messages in an attempt to get users to click on a bad link or download a malicious attachment.
If you click on a bad link or file, you could be giving your personal information to a bad actors, so it’s important to know the signs of phishing. And even some of the most careful people can be fooled.
“It only takes one click,” said Conner Vaughan, Exchange data security analyst. “Once a bad actor has that, they can get your information.”
The most common phishing attacks come via email. Statistics show that nearly 1.2% of emails sent are malicious. That percentage might not sound like a lot—but it is.
“That’s 3.4 billion phishing emails that are sent daily,” Vaughan said. “If it only takes one person to click on something where they’ll be taken advantage of, it’s more likely than not that it’s going to happen when that many are sent out.”
Security Operations Center Manager Marco Lai added: “If it does happen to you, my recommendation is to reset all your passwords. If you suspect that you’ve been compromised, the very first thing you should do is change your password. Make it unique and make it hard so that you shut down the access for the bad actor.”
Although email is the most common phishing method, text messages are becoming more frequent (some common ones include texts telling you that your Amazon or Netflix account has been suspended, then saying you need to click a link to correct the problem). Bad actors continue to find methods to get users to follow a link to an illegitimate webpage and enter their computer or banking system login credentials or download malware.
Here are some questions to ask yourself if you see a suspicious-looking email:
- Does it contain an offer that’s too good to be true?
- Does it include language that’s urgent, alarming, or threatening?
- Is it poorly crafted writing riddled with misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on an unfamiliar link or attachment?
Is it a strange or abrupt business request?
If you/ve spotted a phishing email, you’ve already done the hard part. Just don’t click on any links or attachments that you think look suspicious. If you get an email in your Exchange Outlook inbox that you suspect is phishing, click on the “Report Phishing” button at upper right (IT regularly sends out test phishing emails that will give you some practice at this).
You can also forward the email to SpamReporting@aafes.com. After you’ve reported the email, delete it immediately.
To learn more about cybersecurity, visit the National Cybersecurity Alliance by clicking here. To learn more about the Exchange’s Cybersecurity Awareness Team, click here.
Next week’s topic: Passwords and Password Managers. Follow ExchangeAssoc Instagram, X and Facebook throughout October for posts on Cybersecurity Awareness Month topics.