October Is National Cybersecurity Awareness Month – Be Cyber Alert and Guard Against Phishing

Lara Forde, David Ries
Clark Hill PLC
Contact
LinkedIn
Facebook
X
Send
Embed

This month is the 18th Annual National Cybersecurity Awareness Month in the United States, sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance. This year’s theme is again “Do Your Part. #BeCyberSmart.” Being Cyber Smart includes awareness of current threats like business email compromise (BEC), ransomware, supply chain compromise, and phishing. This Alert addresses phishing, which is CISA’s focus topic for this week, “Phight the Phish!”

Phishing uses fraudulent (spoofed) emails for criminal purposes, like installing malware, stealing money, and obtaining information such as login credentials, bank account information, personal information, and confidential business information.

The number of phishing attacks has increased during the COVID pandemic and remains high. The Anti-Phishing Working Group (APWG) has reported, “After doubling in 2020, the amount of phishing has remained at a steady but high level. APWG saw 222,127 attacks in June 2021, which was the third-worst month in APWG’s reporting history.”

Phishing is a frequent and dangerous threat. CISA has reported that over 90% of successful cyber attacks start with a phishing email. Given this high risk, prevention of phishing and response to phishing should be included in comprehensive cybersecurity programs for businesses and organizations of all sizes. Particularly important is training to promote constant security awareness by all users of technology. One important message from CISA is “Think before you click.”

The following are Email Security Tips from Clark Hill’s ASSET360 group to help to protect against phishing:

  • Be alert for telltale signs:
    • Poor wording, typos, fuzzy/incorrect logos, generic body message
    • Unexpected/strange timing/oddly constructed
    • Instills urgency, greed, curiosity
  • Look for suspicious From addresses or Subject lines
  • Hover over URL hyperlinks to view the real web address
  • Never click links or open attachments
  • Use multi-factor authentication (MFA)
  • Ask: “Would this person be sending this request?”
  • Verify requests (e.g. wire fraud and change of payment instructions) verbally from a known contact at a known number (not in the email)

CISA has published a Phishing & Spoofing Tip Sheet for this week’s topic.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Clark Hill PLC | Attorney Advertising

Written by:

Clark Hill PLC
Clark Hill PLC
Contact
more
less

Clark Hill PLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide