How Can You and Your Employees Avoid It?
The Cybersecurity and Infrastructure Security Agency (CISA) is warning about an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications.
The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.
CISA says that users should take the following actions to avoid becoming a victim of social engineering and phishing attacks:
Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem.
When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:
Why Can Email Attachments Be Dangerous?
Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:
Get New School Security Awareness Training
You must train your employees to be constantly vigilant to identify attackers’ attempts to deceive them. New-School Security Awareness Training will provide the knowledge they need to defend against these attacks.
What Is New-School Security Awareness Training?
More than ever, your users are the weak link in your IT security. You need highly effective and frequent cybersecurity training, along with random Phishing Security Tests that provide several remedial options in case an employee falls for a simulated phishing attack.
With world-class, user-friendly New-School Security Awareness Training, you’ll have training with self-service enrollment, completion logs, and both pre-and post-training phishing security tests that show you who is or isn’t completing prescribed training. You’ll also know the percentage of your employees who are phish-prone.
And with the end-user training interface, your users get a fresh new learner experience that makes learning fun and engaging. It has optional customization features to enable “gamification” of training, so your employees can compete against their peers on leaderboards and earn badges while learning how to keep your organization safe from cyber attacks.
With New-School Security Awareness Training You’ll…
Have Baseline Testing to assess the phish-prone percentage of your users through a free simulated phishing attack.
Train your users with the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
Phish your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
See the results with enterprise-strength reporting that show stats and graphs for both training and phishing, all ready for your management.
Plus, you can access Training Access Levels: I, II, and III giving you access to an “always-fresh” content library based on your subscription level. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.