Types of Phishing Attacks

A cyberscammer will use a variety of tactics and ploys to disguise themself as trustworthy in an effort to gain access to information. As technologies evolve, so does the scammer’s ability to influence your decision about their trustworthiness. Phishing is a common attack method used by scammers.

There are different types of phishing attacks:

• Email phishing: an attacker masquerades as someone you may know or a company with whom you interact for business purposes. Hyperlinks are embedded in their message with the hope that you will click and be taken to a nefarious website.
• Malware phishing: An attachment is added to an email message that, when opened, will infect your computer with malware or a virus.
• Spear phishing: Customized email messages target specific individuals with malware-infected attachments or hyperlinks to malware-infected websites.
• Whaling: Similar to spear phishing, scammers use customized email messages that are purportedly sent from an executive to their direct contacts. Their hope is to attract executive level leadership into divulging important business information.
• Smishing: This is a form of phishing that uses text messages instead of email messages. While the communication medium may be different, the intent is the same: steal information from an individual.
• Vishing: Fraudulent call centers attempt to trick individuals into providing sensitive information over the phone.

Common Tactics:

• Skilled communication: the message, whether it is an email, text or voice, appears legitimate and is intended to manipulate the intended recipient.
• Perceived need: The intended victim feels the need to quickly act because of an urgent need.
• Trust: Scammers attempt to create trust with the intended victim by impersonating a trustworthy source.

What are the common errors that indicate the source cannot be trusted?

• The display name or email address does not match who they are purporting to impersonate.
• Typos
• The hyperlink does not match the link text.

If you feel you have become the victim of a phishing attack, please contact one of the IT Support Specialists in OSU Agriculture IT.

For more information:

• https://staysafeonline.org/
• https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
• https://www.techtarget.com/searchsecurity/definition/phishing
• https://www.microsoft.com/en-us/security/business/security-101/what-is-phishing

Why is Cybersecurity Awareness Important?

In today’s information age, where technology plays an integral role in our daily lives, the importance of cybersecurity awareness is often overlooked but cannot be overstated. From personal data leaks to large-scale cyberattacks on corporations and governments, the digital world is saturated with threats that can have far-reaching consequences.

This article delves into the reasons why cybersecurity awareness is not just an option, but is very important for individuals, organizations, and society.

Protection of Personal Data

According to the U.S. Federal Trade Commission (FTC), identity theft remains one of the top consumer complaints. In 2020, the FTC received 1.4 million fraud reports, with identity theft accounting for 20% of those reports. Cybersecurity awareness empowers us to recognize the signs of phishing emails, fraudulent websites, and malicious software, helping us safeguard our personal information from falling into the wrong hands.

Financial Security

The financial impact of cyberattacks is significant. According to the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), in 2020, the total cost of cybercrime reported to IC3 exceeded $4.2 billion. Understanding cybersecurity basics can help us recognize potential scams and keep us from falling victim to scams and phishing attempts that can lead to financial and data loss for OSU.

Preservation of Reputation

Cybersecurity breaches can tarnish an organization’s image. The U.S. Department of Health and Human Services reports that in 2020, there were 642 healthcare data breaches affecting over 30 million individuals. We provide training and information every October. Cybersecurity awareness helps educate staff and ourselves on potential risks, reducing the likelihood of data breaches and preserving our hard-earned reputation at Oklahoma State University and OSU Agriculture.

Safeguarding Intellectual Property

Intellectual property theft can be a concern for the university. The FBI’s Economic Espionage Unit reports that cyberattacks aimed at stealing intellectual property are on the rise. Cybersecurity awareness helps OSU and the Extension county offices protect their valuable intellectual assets from theft.

Cyber Hygiene for Everyone

Just as personal hygiene practices prevent disease spread, cyber hygiene practices help prevent digital threats. The Cybersecurity and Infrastructure Security Agency (CISA) recommends good online habits like regularly updating software and using strong passwords. These habits reduce vulnerabilities and contribute to a safer digital environment for everyone.

The Pervasiveness of Cyber Threats

According to the U.S. Department of Homeland Security (DHS), cyber threats are constantly evolving. Awareness of these threats is crucial to staying ahead of cybercriminals. Your Computer Support Specialists work tirelessly to identify and mitigate emerging threats, but an informed staff and employee is the first line of defense.

Conclusion

Cybersecurity awareness is not a luxury but a necessity in today’s interconnected world, as supported by government statistics. Ignorance or complacency in this regard can have dire consequences. By understanding the importance of cybersecurity awareness and actively implementing best practices, we and the university can better protect and contribute to a safer digital environment for all. In the age of information, knowledge is power, and cybersecurity awareness, backed by government data, is the key to securing our digital future.

Sources for Statistics

1. Federal Trade Commission (FTC) – The FTC provides reports and statistics on identity theft and consumer complaints related to cybersecurity.
2. Federal Bureau of Investigation (FBI) – The FBI’s Internet Crime Complaint Center (IC3) offers information on cybercrime, including statistics and reports.
3. U.S. Department of Health and Human Services (HHS) – HHS provides data on healthcare data breaches and security in the healthcare sector.
4. Cybersecurity and Infrastructure Security Agency (CISA) – CISA is a U.S. government agency that offers resources, alerts, and reports on cybersecurity threats and incidents.
5. U.S. Department of Justice – The Department of Justice may provide information on legal and regulatory compliance related to cybersecurity.
6. U.S. Department of Homeland Security (DHS) – DHS often publishes reports and resources on cybersecurity threats and trends.