In our recent GovLoop survey, we found that 49% of respondents are most concerned about phishing attacks. Below, I wanted to share a case study from our recent guide, Winning the Cybersecurity Battle, and offer 3 solutions to avoid falling victim to cyber attacks.
We’ve all probably received an email that is a phishing attempt. Phishing occurs when you receive an email that looks like it came from a legitimate source, but is actually an attempt for you to take immediate action, like log-in to a web platform to obtain credentials or to provide your credit card number. Phishing scams also typically attempt to infect your machine with malicious code, such as malware and viruses.
In GovLoop’s report, Winning the Cybersecurity Battle, Dan Lohrmann, Chief Security Officer, State of Michigan, identified how the State of Michigan has taken a robust approach to their cyber defense. He also commented that the state was victim to a spear phishing attempt earlier this year. Spear phishing, which is very similar to a general phishing attack, is an e-mail spoofing attack that attempts to retrieve unauthorized access of data and information. For instance, a spear phishing attack may seek personal information from a specific (often senior) official within an organization. Instead of a mass e-mail to everyone in an organization, it may be directed at the CEO asking them by name to open an attached file or click a link.
Lorhmann explained that employees received a simple email that attempted to obtain unauthorized access to IT systems.“We had a number of emails sent that were very simple and said things like, ‘Your email box is full. Click here and we'll take care of it for you at the help desk.’ In some cases, the more simplistic, the more powerful. This is because the email used words like SOM.” In Michigan, SOM is used internally to abbreviate State of Michigan. In this instance, the attacker used specific language to target their attack. Although the attack was ultimately thwarted, the spoofing effort is still a powerful temptation for employees.
Thankfully, Lohrmann’s team was able to prevent any data loss and breach of systems from this attack. He noted that these attacks are becoming much more sophisticated. “Never before have we had that amount of dedicated spear phishing in the state,” said Lohrmann.
3 Things to Do to Prevent Being a Victim:
- Verify: Never provide your log-in credentials if you are suspicious of the email, contact the company or organization that has supposedly sent you the email.
- Research: look at the email for any language that seems wrong, where the email was sent from, and maybe even do a quick Google search. It’s possible that others have reported the attack, and you can better understand legitimacy.
- Ask: If you are the least bit suspicious, contact IT and ask for confirmation or insights.
As we continue on through cybersecurity month, we want to help you stay safe. Below are GovLoop resources and reports with many best practices and strategies to improve your cyber defense:
- Your Cybersecurity Cheat Sheet
- Navigating the Cyber Threat Landscape
- Cyber Security in Focus [Infographic]
- Providing Secure Mobility for Agencies [Report]
- Agency of the Future Guide: Winning the Cybersecurity Battle
- Important Weapon in the Cyber War: SecureView MILS Workstation
- 9 Sources of Cyber Threats Highlighted in GAO Report