Phishing Image Cyber Galaxy Defenders Managing Digital Risk

Don’t Be the Catch of the Day 

Welcome to week two of Cyber Security Awareness Month! This week, we are diving into social engineering and how it can result in phishing, smishing, and vishing attacks. If you recall from last week’s article, we talked about how social media can provide information someone can use in a social engineering attack against you or your organization. But what does that mean? And what would an attack look like? 

Refresher: Social Engineering

Social engineering is the use of deception to exploit human nature, our habits, and our trust in order to gain information or access to information systems. Threat actors want to obtain confidential information such as passwords and login credentials, or personal information. 

A hacker with icons indicating different kinds of frauds
A mail on a hook

Gone Phishing!

Phishing is the most common form of social engineering attack. Phishing occurs when a threat actor impersonates a trusted entity through email to try and fraudulently get information or access to systems. Being caught in a phish could mean clicking on a link, providing information, opening an attachment, downloading a file, or providing remote access to a workstation.    

Throwing Back the Phish

It is important to know what to look for to detect a phishing attack. Here is what to look for: 

  • Comes from an unknown user, organization, or domain name which is the unique name that appears after the @ sign in an email address.

  • Comes from someone within the organization, but with a non-organizational domain name. 

  • Expresses an unusual level of urgency.

  • Contains errors such as misspelled names, misused organizational terms, or misrepresented logos. 

  • It has attachments with unusual file names or links.

  • Driven by a motivation such as a financial benefit or another benefit. 

A mail with a check mark

Recent Phishing Trends 

Did you know that during the same six-month period at the start of the COVID-19 pandemic, 34 percent of Canadians experienced a phishing attack? Meanwhile, 14 percent of respondents received phishing emails that were related to COVID-19. It is important to think about how current events can bait us in a phishing attack!

Inset Mascot
For more information, check out these resources on Social Engineering and Phishing!