October is National Cyber Security Awareness Month. As part of our Cyber Security Awareness campaign we will be:
- Distributing information and educational materials
- Re-enrolling all campus employees in the CSU Data Security and FERPA Training
- Conducting an immersive spear-phishing awareness program
The Dangers of Spear Phishing
Chances are you've received a few general phishing emails in your personal or CSUMB inbox before. These emails are sent to the masses, with the hope that just a few of the thousands or millions of recipients fall victim.
Spear phishing emails, by contrast, are targeted attacks that take advantage of personal and professional relationships, organizational hierarchies, and human curiosities. These emails pose a unique threat, as their high level of customization can lead them past even the best technical controls. In fact, CSUMB has been subjected to spear phishing attacks several times in recent months. Fortunately, the recipients were suspicious and the attacks failed.
In today's world, it's a necessity to work online, and spear phishers will use the information we post to trick us into clicking a link, opening an attachment, or entering sensitive information into legitimate-looking websites.
It seems like every time you tune into the news, another organization has suffered a data breach. The most recent breach of Equifax involves personal data for over 143 million people. One of the most effective ways for attackers to gain unauthorized access to an organization’s information assets is through spear phishing emails; in fact, 91% of all breaches start with them, according to industry experts.
If such an email lands in one of our inboxes, we're just one click away from compromising the campus's security, which means that you and every member of the CSUMB community are an integral part of our information security posture. To help prevent this attack method from being successful, we are about to begin a new, immersive spear-phishing awareness program.
In this program you will periodically receive simulated spear-phishing emails that imitate real attacks. These emails are designed to give you a realistic experience in a safe and controlled environment. This method allows you to become familiar with, and more resilient to, tactics used in real spear-phishing attacks.
While there is no penalty for falling for one of our simulations, we do ask that you take 30–60 seconds to read and understand the brief educational material that is presented afterward.
As the program progresses, you should be able to better spot spear-phishing attacks, both at home and in the workplace.
If you receive a simulated or real phishing email
Although your first instinct might be to delete or ignore suspicious emails, we ask that you report them to our security team. If you've been targeted by a spear phisher, chances are others on campus have been too, so by reporting suspicious emails, you can keep CSUMB safer as a whole.
You'll learn more in the coming months about the warning signs of a spear-phishing attack. If you spot a red flag, reporting the suspicious email is the first step in mitigating the damage it may cause.
To report a suspicious email, simply forward the email to email@example.com and we’ll take it from there.
If you've been scammed
If you suspect that you've responded to a phishing scam with personal or financial information, you should change the passwords of all your online accounts (not just your CSUMB account) that you think might be compromised.