More News Sources
This is a fraudulent attempt to gather any sensitive information, usually by some form of impersonation. Phishing executed over a variety of mediums, often by email, but also including messaging, and text. Spear phishing is tailored to a specific group or organization. According to KnowBe4, 91% of data breaches start with a successful spear phishing attack. For more information, see KnowBe4
The IT Services and CEI Helpdesk have setup a phishing email button in email clients allowing users to mark a suspicious email for review. Any phishing tests and trainings will automatically notify if you successfully “caught” the phish.
Basic principles of cryptography prescribe more degrees of entropy or “randomness” to increase the time an attack takes to carry out (i.e. longer, more complex passwords are stronger). Each additional character in a password exponentially increases the total possible password combinations. We recommend:
As indicated above, keep current with OS updates, malware and antivirus, and firewalls. Limit file-sharing, unknown downloads or links, and especially email attachments. We also strongly recommend using non-administrator accounts for daily activities as much as possible. This will do much to prevent system-wide infections.
Look for “https://” or the “lock” icon to ensure that communications are encrypted when sending sensitive information. These indicate varying degrees of safety on websites depending on the level of encryption used.
Banking malware is rising and cybercriminals are targeting mobile platforms. Credentials can be stolen via text/SMS, email, social media, etc. Any data you put “out there” is at risk. We recommend avoiding saving payment information, especially with smaller online vendors. Limit all personally identifiable information (PII) shared online, in any format, as guiding rule for good internet-hygiene.