Avoiding Phishing Attacks

Cybersecurity is an increasingly prevalent issue in business today, particularly as people continue to work remotely and risk exposing their companies to technological vulnerabilities. While many people joke about the obvious cyber-attacks, such as the email scam from the infamous “Nigerian prince” or the banker who temporarily needs your help but will definitely pay you back, phishing scams are still the most common type of cyberattack. In fact, in 2020, phishing emails were the leading entry point for ransomware, accounting for 54% of digital vulnerabilities.¹

So, what exactly is a phishing attack and why do so many people fall victim to them? According to the National Cyber Awareness System, phishing is a form of social engineering that “uses email or malicious websites to solicit personal information by posing as a trustworthy organization.”² Phishing scams can also come in the form of voice communication (vishing attacks) or SMS/text messaging (smishing attacks). People often fall for this type of attack because the attackers seem unassuming or respectable and often claim to be from a reputable source, such as a well-known company or a colleague. They may also take advantage of current events in an attempt to appear topical or to rush their victim into acting before they have time to thoroughly consider the credibility of whatever request the scam is making.

Being aware of this type of attack and being mindful of how to limit your vulnerability to phishing scams is becoming increasingly important to protect yourself and your place of employment. In honor of National Cybersecurity Awareness Month, here are some common indicators of phishing attempts and some things that you can do to avoid being a victim:

• Be suspicious of unsolicited messages, particularly if there are typos or if they are requesting personal information, financial information, or any type of compensation.
• Check any hyperlinks or attachments in emails and messages by hoovering your mouse over the link to verify that the URL matches the text.
• Be wary of generic greetings; often cybercriminals will use a generic “Dear Customer” as a greeting; trusted organizations are more likely to address you by name and provide their contact information.
• Err on the side of caution – if you are uncertain about the trustworthiness of a source, either contact the company directly or forward the message to your IT department. If it is a phishing scam, the IT department will often want to be aware so that they can warn others in the organization.

Phishing attacks inevitably do happen, but being cognizant of potential signs of scams and protecting your work by installing anti-virus software and firewalls and by using multi-factor authentication, you can help minimize those risks. Cybersecurity Awareness Month is a great time to update your security protocols and ensure that you are keeping your information safe.

Learn More

If you are interested in learning more about CityU’s Bachelor of Science in Cybersecurity or Master of Science in Cybersecurity, please visit www.cityu.edu or call 888.422.4898 to speak with an advisor.

1. Johnson, J. (2021, Sept. 9). Phishing – Statistics & Facts. Statista. Retrieved from: https://www.statista.com/topics/8385/phishing/.
2. Cybersecurity & Infrastructure Security Agency (CISA). (2020, Aug. 25). Security Tip: Avoiding Social Engineering and Phishing Attacks. National Cyber Awareness System. Retrieved from: https://us-cert.cisa.gov/ncas/tips/ST04-014.