Phishing is the most common form of social engineering attack.
Phishing occurs when a threat actor impersonates a trusted entity through
email to try to fraudulently obtain personal information, financial
information or access to systems. The email prompts the targeted individual
to act. The action could be to click on a link, provide information, open an
attachment, download a file, or provide remote access to a workstation. This
action provides the threat actor with information or access to a system.
Phishing uses email to solicit your information by posing as a trustworthy
person or entity. For example, the threat actor may send emails disguised as
your boss or a financial institution requesting your account information.
The threat actor will use this information to gain access to your online
accounts. Once the threat actor has access to your accounts, they may use
this access to carry out a larger cyber attack.
How to spot a phishing attack
There are ways to detect these types of attacks. Here are some common
indicators:
The communication is from an unknown user, organization, or domain name.
The communication seemingly comes from someone within an organization, but with a non-organizational domain name. For example, your director is emailing you from an @gmail account.
The correspondence expresses an unusual level of urgency.
The content contains errors such as misspelled names, misused organizational terms or titles, or misrepresented or misplaced logos.
The communication is unsolicited and asks you to do something.
The tone, content or wording is inconsistent with what would be expected.
The email has attachments with unusual file names or links with an unusual URL. (A URL, or Uniform Resource Locator, is commonly referred to as a web address; it gives the specific location of a networked piece of technology, such as a computer, router, or database.)
The offer seems too good to be true.
The request is driven by a motivation such as financial benefit or another benefit.
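The indicators above can be checked mechanically by mail-filtering or triage tooling. The following is an added illustration, not part of the original page: a small Python function that parses one email message and reports which of the listed indicators it sees (external sender, a known internal name on a non-organizational domain, urgency wording, a link whose visible text names a different host than its href, and an attachment with an executable or double extension). The organization domain, the known-sender table, the keyword list and the two sample messages are all constructed for this example. Because the page notes that a single indicator does not prove an attack, the function returns the list of findings for a human to weigh rather than a verdict.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed assumptions for this example: the organization's own domain and
# a table of known internal display names and the domain they should send from.
ORG_DOMAIN = "example.com"
KNOWN_SENDERS = {"Alice Director": "example.com"}
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "will be suspended")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs")

# Matches <a href="...">visible text</a> in an HTML body.
HREF_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.IGNORECASE)


def sender_parts(msg):
    """Return (display name, address, domain) from the From header."""
    name, addr = parseaddr(msg.get("From", ""))
    return name, addr, addr.rpartition("@")[2].lower()


def link_mismatches(html):
    """Return (href_host, text_host) pairs where the visible link text names a
    different host than the href actually points to."""
    out = []
    for href, text in HREF_RE.findall(html):
        href_host = (urlparse(href).hostname or "").lower()
        visible = re.sub(r"<[^>]+>", "", text).strip()
        m = HOST_RE.search(visible)
        text_host = m.group(1).lower() if m else ""
        if href_host and text_host and href_host != text_host:
            out.append((href_host, text_host))
    return out


def phishing_indicators(raw):
    """Parse a raw RFC 5322 message and list the indicators it exhibits."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, _addr, domain = sender_parts(msg)
    findings = []
    if domain != ORG_DOMAIN:
        findings.append("external-sender")
    if name in KNOWN_SENDERS and domain != KNOWN_SENDERS[name]:
        findings.append("internal-name-external-domain")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = (msg.get("Subject", "") + " " + text).lower()
    if any(w in lowered for w in URGENCY_WORDS):
        findings.append("urgency")
    if link_mismatches(text):
        findings.append("link-text-href-mismatch")
    for part in msg.iter_attachments():
        fn = (part.get_filename() or "").lower()
        if fn.endswith(RISKY_EXTENSIONS) or fn.count(".") > 1:
            findings.append("suspicious-attachment")
            break
    return findings


# Constructed sample: an external freemail account using an internal name,
# urgent wording, and a link whose text and destination disagree.
SUSPICIOUS = "\n".join([
    'From: "Alice Director" <alice.director@gmail.com>',
    "To: staff@example.com",
    "Subject: URGENT: wire transfer needed immediately",
    "Content-Type: text/html",
    "",
    "<p>Confirm via <a href=\"http://login.example-secure.net/reset\">"
    "https://portal.example.com/reset</a> now.</p>",
])

# Constructed sample: an ordinary internal message with no indicators.
BENIGN = "\n".join([
    'From: "Bob" <bob@example.com>',
    "To: staff@example.com",
    "Subject: Lunch",
    "Content-Type: text/plain",
    "",
    "See you at noon.",
])

if __name__ == "__main__":
    print(phishing_indicators(SUSPICIOUS))
    print(phishing_indicators(BENIGN))
```

The href/text comparison is the mechanical form of "roll over the link": the host shown to the reader is compared with the host the link actually resolves to. A real filter would also check the Return-Path and authentication headers, but those are outside what this page describes.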
You should always be vigilant and watch for these indicators. However, just
because a communication has one of these indicators doesn’t mean that it is
an attack.
If you are suspicious, confirm the request with the sender prior to taking
any action requested in the message. If you don’t recognize the sender or
their email address doesn’t match their name, report the message.
What to do if you receive a suspected phishing email