It’s September, which means it’s almost October, which is National Cyber Security Awareness Month (NCSAM)!
NCSAM was launched by the National Cyber Security Alliance & the U.S. Department of Homeland Security in October 2004. This government and industry collaboration was started to ensure that citizens and companies of all sizes have access to the resources they need to stay safe and secure online.
Every year, the official program focuses on a series of weekly themes. Many individuals and companies also share their own best practices and ideas for security awareness.
In doing our part, we’re also publishing a series of posts during September and October to help share some of our favourite resources and tips on staying safe online.
Kicking off the festivities, I’m highlighting one of the most prevalent threat vectors there is: phishing.
Phishing can take place under many guises and have different objectives - but at a high level it's nearly always an email that claims to be from a trusted person or entity and attempts to trick the recipient into performing an action.
Examples of phishing emails can include:
- The tax office claiming you have underpaid or are due a repayment, with a malicious document attached.
- Your CEO asking that you make a large payment to a new supplier immediately.
- The IT team asking you to send them your password in an email or via a form.
- Your bank asking you to log in and confirm details.
- A service provider threatening to cut off your service unless you respond to them immediately with information.
- An unsolicited job offer, or a lucrative work-from-home scheme.
- A match on a dating site asking for excessive personal information, or for money or gifts.
This is not an exhaustive list, but all of these tactics seek to instill a sense of urgency in the recipient and get them to respond quickly, usually using the broad hooks of money, employment, love, or threats (MELT).
There are many telltale signs you can usually look out for, such as the tone of the email, the grammar and spelling, or the email headers, that can indicate whether an email is genuine or not. However, for the most part, it is best to err on the side of caution: if something doesn't feel right or genuine, confirm directly with the alleged sender of the email.
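To make the point about email headers concrete, here is an added example (not part of the original post) that flags two header inconsistencies: a Reply-To domain that differs from the From domain, and SPF/DKIM/DMARC results other than "pass". The sample message, its domains and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.example>
Reply-To: collections@other-domain.example
To: user@corp.example
Subject: Urgent: confirm your details
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example; dkim=none; dmarc=fail header.from=examp1e-bank.example

Please log in immediately.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def header_warnings(raw_message):
    """List header inconsistencies worth a closer look.

    None of these proves phishing on its own, and Authentication-Results
    is only meaningful when it was added by your own receiving mail server.
    """
    msg = message_from_string(raw_message)
    warnings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # Replies silently going to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    results = " ".join(msg.get_all("Authentication-Results") or [])
    if not results:
        warnings.append("no Authentication-Results header present")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results, re.I)
        if m and m.group(1).lower() != "pass":
            warnings.append(f"{mech} result is {m.group(1).lower()}")
    return warnings

if __name__ == "__main__":
    for w in header_warnings(SAMPLE):
        print("WARNING:", w)
```

A clean result does not mean a message is safe, so the advice to confirm directly with the alleged sender still applies.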
While there is a growing number of tools available to defend against cybercrime, education remains one of the most important tools in our defence. It is only by gaining a greater understanding of the threats and techniques encountered - in both personal and business settings - that we can best protect ourselves.
A short video on phishing
And a slightly more in-depth video on how to spot a phishing email