October 9, 2024

Trick or Truth?

October is National Cybersecurity Awareness Month—a time for both the public and private sectors to unite in promoting the importance of online safety. This initiative aims to educate everyone about how to protect themselves and their information in an increasingly digital world. Remember, we all have a role in keeping our online spaces secure.


Cyber threats are real, and no organization or individual is 100% safe from attacks on their personal data. However, with the right precautions and a bit of effort, we can safeguard ourselves from online dangers.


One common threat is phishing, which comes in several forms, all designed to trick individuals into revealing sensitive information.


What is Phishing?


Email phishing is the most prevalent type. Attackers craft emails to look like they come from trustworthy sources—think banks or organizational departments. For instance, you might receive an email pretending to be from Texas A&M University’s financial department, claiming there’s an issue with your paycheck and urging you to click a link to verify your personal information. This tactic is meant to lure you into sharing sensitive data or clicking on malicious links, jeopardizing your personal and financial security.


Smishing involves phishing attempts sent via SMS text messages. Attackers may text you about a supposed prize, prompting you to click a link to claim it. Similarly, vishing refers to phishing attempts made over the phone, where scammers impersonate legitimate organizations to extract personal information.


Phishing is becoming increasingly believable with the help of AI. In recent headlines, an AI-driven vishing attempt involved a sophisticated scam in which cybercriminals used deepfake technology to mimic the voice of a company executive. This scam occurred at a financial institution, where the fraudsters created a near-perfect audio replica of the CEO's voice. The attackers called a lower-level employee, posing as the CEO, and instructed them to initiate a significant money transfer.


The employee, believing they were following a legitimate directive from their boss, complied and transferred a substantial sum before realizing it was a scam. This incident highlighted the increasing use of AI and deepfake technology in vishing attacks, raising concerns about security measures and the need for companies to educate their employees on recognizing such threats.


Other tactics include:

  1. Website spoofing: Attackers create fake sites that mimic legitimate ones to capture your login credentials. For example, you could be directed to a fraudulent site that looks just like your bank's login page. 
  2. Social media phishing: Scammers use fake accounts or messages to trick you into sharing personal information, often through direct messages promising exclusive access to events.
  3. Pharming: Users can be redirected from legitimate websites to fraudulent ones without their knowledge, often due to malicious code. You might type in the correct website address but end up on a fake site instead.

Protect Yourself with these Three Steps


Recognize. Resist. Delete.


To effectively combat phishing, start by recognizing the signs. Be cautious of emails with urgent or emotionally charged language that pressures you to respond quickly. Watch for requests for personal or financial information—legitimate organizations rarely ask for such details via email. Also, be wary of shortened URLs and misspelled email addresses, like "tamuu.edu" instead of "tamu.edu." While poor grammar used to be a red flag, phishing emails can now appear well-written, thanks to AI.


Once you spot a potential phishing attempt, resist the urge to click on any suspicious links or attachments. If something feels off, report the attempt using the report feature next to the sender’s email or the “report spam” option in your email settings. Finally, delete the message. Don’t reply or click on any links, including "unsubscribe" options, as these can lead to further phishing attempts or malware.
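
For readers who run a mail filter or help desk, the warning signs above can be checked automatically. The Python sketch below is an added example, not code from the original article or from Texas A&M; the trusted-domain, link-shortener and keyword lists are assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr

# Assumptions for this sketch: the trusted list, shortener list and keyword
# lists are illustrative, not an official or complete set.
TRUSTED = {"tamu.edu"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENT = ("urgent", "immediately", "within 24 hours", "suspended")
SENSITIVE = ("password", "ssn", "social security", "bank account", "verify your")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels; a simplification that ignores suffixes like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike(domain):
    """Return the trusted domain this one is a single typo away from, or None."""
    if domain in TRUSTED:
        return None
    return next((g for g in TRUSTED if edit_distance(domain, g) <= 1), None)

def phishing_signs(from_header, body):
    """List the warning signs found in one message."""
    signs = []
    domain = registered_domain(parseaddr(from_header)[1].rpartition("@")[2])
    good = lookalike(domain)
    if good:
        signs.append(f"sender domain {domain} imitates {good}")
    for host in re.findall(r"https?://([^/\s:]+)", body, re.I):
        if registered_domain(host) in SHORTENERS:
            signs.append(f"shortened URL via {host.lower()}")
    text = body.lower()
    if any(w in text for w in URGENT):
        signs.append("urgent language")
    if any(w in text for w in SENSITIVE):
        signs.append("asks for personal or financial information")
    return signs

# Constructed sample message, modelled on the paycheck lure described above.
SAMPLE_FROM = "Payroll <payroll@tamuu.edu>"
SAMPLE_BODY = "Urgent: verify your bank account at https://bit.ly/x1 immediately."
```

A message that raises none of these signs can still be phishing, so a check like this supports the recognize, resist, delete habit and does not replace it.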


By recognizing, resisting, and deleting suspicious communications, you can significantly reduce your risk of falling victim to phishing scams. Stay vigilant this Cybersecurity Awareness Month and help keep our online community safe!