Fight the Phish
What is a phishing attack?
Phishing is a form of social engineering to obtain sensitive information from victims. This type of attack uses email and malicious websites to solicit personal information by posing as a trustworthy organization. Often, you will be presented with a link or asked for personal information. Once links are clicked or requested information is obtained, attackers can use it to gain access to your accounts, devices and more personal information.
Phishing attacks are often disguised as charitable campaigns, claims for money, giveaways and more. Attackers like to use the holidays as an opportunity to phish for information from users.
Example #1: Phishing Email
To assist in the identification of these attacks, below you can find real-life examples that are reported to OK Cyber Command frequently by state employees:
Example #2: Smishing SMS Attacks
Another type of phishing attack is smishing. Smishing is another form of social engineering where SMS and text messages are exploited. Like phishing emails, text messages can contain links to malicious websites and request personal information that can be used to take control of your devices.
Tips to Stay Safe Online
Save these tips for spotting phishing attacks and keeping your information safe online:
- When in doubt, throw it out. Links in emails and online posts are often the way cyber criminals compromise your computer. If it looks suspicious – even if you know the source – it’s best to delete or, if appropriate, mark it as junk email. Contact the company directly (via phone) to be sure the email is not legitimate.
- Think before you act. Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Use stronger authentication. Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond the password and username.
- Make passwords long and strong. Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Install and update anti-virus software. Make sure all your computers are equipped with regularly updated antivirus software, firewalls, email filters and antispyware.
- Be wary of hyperlinks. Avoid clicking on hyperlinks in emails; type the URL directly into the address bar instead. If you choose to click on a link, ensure it is authentic before clicking on it. You can check a hyperlinked word or URL by hovering the cursor over it to reveal the full address.
In addition to this guide to spot phishing attacks before you get caught, OMES provides Security Employee Awareness Training (SEAT) to all state employees.
To set up your account and begin training:
- Navigate to https://training.knowbe4.com/ui/login
- Enter your state email address to sign in.
- Next, you will be prompted to use your single sign-on credentials or enter a password.
- If prompted to use a password, you can set one by choosing the option Forgot Password.
Once signed in, you will see a 45-minute module available for SEAT 2022 Kevin Mitnick Security Awareness Training. This is the only requirement to complete for the calendar year 2022. If you have any questions or experience trouble during setup, contact the OMES Service Desk via the Service Portal.