Cyber Security Awareness Month - Phishing

September 4, 2018 | Javvad Malik

It’s September, which means it’s almost October, which is National Cyber Security Awareness Month (NCSAM)!

NCSAM was launched by the National Cyber Security Alliance & the U.S. Department of Homeland Security in October 2004. This government and industry collaboration was started with the intention to ensure citizens and companies of all sizes have access to resources needed to stay safe and secure online.

Every year, the official program focuses on a series of weekly themes. Many individuals and companies also share their own best practices and ideas for security awareness.

In doing our part, we’re also publishing a series of posts during September and October to help share some of our favourite resources and tips on staying safe online.


Phishing:

Kicking off the festivities, I’m highlighting one of the most prevalent threat vectors there is: phishing.

Phishing can take place under many guises and have different objectives - but at a high level it’s nearly always an email that claims to be from a trusted person or entity and attempts to trick the recipient into performing an action.

Examples of phishing emails can include:

  • The tax office claiming you have underpaid, or are due a repayment, with a malicious document attached.
  • Your CEO asking that you make a large payment to a new supplier immediately.
  • The IT team asking you to send them your password in an email or via a form.
  • Your bank asking you to log in and confirm details.
  • A service provider threatening to cut off your service unless you respond to them immediately with information.
  • An unsolicited job offer, or a lucrative work-from-home scheme.
  • A match on a dating site asking for excessive personal information, or for money or gifts.

This is not an exhaustive list, but all of these tactics seek to instill a sense of urgency in the recipient and get them to respond quickly, usually using the broad hooks of money, employment, love, or threats (MELT).

There are many telltale signs you can usually look out for, such as the tone of the email, the grammar and spelling, or the email headers that can indicate whether an email is genuine or not. However, for the most part, it is best to err on the side of caution, and if something doesn’t feel right or genuine it’s best to confirm directly with the alleged sender of the email.
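The header and MELT cues described above can be checked mechanically as a first-pass triage. This is an added example, not code from the original post: the `triage` function, the keyword lists and the sample message are constructed for illustration, and it assumes the `Authentication-Results` header was stamped by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# MELT hooks from the post; the keyword lists are assumptions for illustration.
MELT = {
    "money": ("payment", "repayment", "refund", "underpaid"),
    "employment": ("job offer", "work-from-home"),
    "love": ("dating", "gift"),
    "threats": ("cut off", "suspend", "immediately", "unless you respond"),
}

# Constructed sample message (not a real email).
SAMPLE = """\
Authentication-Results: mx.example.org; spf=softfail; dkim=none; dmarc=fail
From: "The CEO" <ceo@example.com>
Reply-To: ceo@example-payments.test
Subject: Urgent payment to new supplier

Please make the payment to our new supplier immediately.
"""

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of human-readable warning signs found in a raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Only trust this header when your own receiving server added it.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{mech}={result}")
    parts = [p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain"]
    text = " ".join([msg.get("Subject", "")] + parts).lower()
    for hook, words in MELT.items():
        hits = [w for w in words if w in text]
        if hits:
            findings.append(f"{hook} hook: {', '.join(hits)}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

An empty result does not mean a message is genuine; when something doesn’t feel right, confirming directly with the alleged sender still applies.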

While there are a growing number of tools available to defend against cybercrime, education remains one of the most important tools in our defence. It is only by gaining a greater understanding of the threats and techniques encountered - in both personal and business settings - that we can best protect ourselves.

A short video on phishing

And a slightly more in-depth video on how to spot a phishing email


About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.