The Department of Homeland Security’s (DHS) “If You See Something, Say Something” campaign officially launched in 2010 as a nationwide effort to expand on the New York Metropolitan Transportation Authority’s (NYMTA) response to the September 11th attacks.
While the campaign centers mainly on reporting suspicious physical activity observed, the Cybersecurity & Infrastructure Security Association (CISA) contributes to the awareness campaign and the benefits are easily translated to the overall digital realm beyond potentially terroristic intent.
If you receive suspicious emails, texts, phone calls, or social media messages, it’s best to report them immediately. For those receiving these via their work-related functions and accounts, reporting suspicious activity to your IT department, in addition to an organization like CISA, can greatly mitigate the potential impact of a cyberattack.
Phishing (a cyberthreat vector conducted via email), smishing (also known as phishing via text message), vishing (phishing conducted via phone call), or suspect social media messages impersonating a vendor or even customer (angler phishing) can all lead to damaging outcomes.
By reporting phishing and other cyberthreats, cybercriminals are cut off and forced to execute a new scheme and develop a new cyberattack origination point or another phishing type.
In order to be prepared to properly report suspicious activity like phishing attempts, you’ll need to be trained to spot the telltale signs, and even some of the more difficult trademarks, of phishing with a holistic cybersecurity training and awareness program.
A comprehensive cybersecurity training program will include phishing simulation in addition to training content designed to help the user learn through a series of short courses.
When looking for suspicious digital activity, phishing attempts have several telltale signs including: spelling mistakes, grammatical errors, aggressive calls to action, requests for funds or credentials.
In addition to the easy phishing signs, there can be more intricate phishing attacks capable of slipping up even the most wary, cautious users.
Things like a faux unsubscribe button can entice a user to “remove” themselves from a junk list they do not want to receive communications from. It’s just as easy to send it to a junk or quarantine inbox using our KillPhish plug-in for further evaluation.
Well-designed logos to mimic legitimate companies with fully-executable landing pages to obtain login or authorization credentials to platforms or services you may be subscribed to can trick many users just as easily as other nefarious replication tactics leading you to think the email is real.
A recent example of what you should do when you think you’ve been phished happened at Reddit. The company was exposed by a phishing attack targeting internal systems, code, and documents but how it responded to the event resulted in mitigated damages. Detection and response time are both crucial components in a thorough incident response plan that encourages users to report mistakes and suspicious activity if they believe they may have fallen victim to a phishing attack or other cybercrime.
If you’re looking to create a cybersecurity awareness program from scratch, enhance an existing cybersecurity defense strategy, or optimize your human firewall to defend any potential gaps, we’re here to assist!
Get started with a free demo and trial of our solution ecosystem today.
Phishing kits are becoming one of the most accessible components within a cybercriminal's arsenal.
Deepfakes are on the rise with AI. Are you ready to defend against them?
We break down how to spot and avoid tax season phishing scams.
