Fight the Phish

The theme for Week 2 of Cybersecurity Awareness Month is "Fight the Phish."

From the Colonial Pipeline to T-Mobile, cybersecurity attacks have been rampant over the last 12-24 months. However, for all the emerging threats and news that are cropping up, phishing continues to quietly wreak havoc, and remains a major threat to individuals and businesses.

Don’t overlook phishing as a cyber risk. It’s been a major threat for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pretexting, while 74 percent of US organizations experienced a successful phishing attack last year alone. Phishing is one of the most dangerous and effective attack methods used against your organization. As a result, you need to know how to fight the phish.


Know the Red Flags

Phishers are masters of making their content and interactions appealing. From content design to language, it's difficult to determine whether the content is genuine or a potential threat, which is why it is so important to know the red flags. Awkward and unusual formatting, demands to click a hyperlink or open an attachment, and subject lines that create a sense of urgency are all telltale signs that the content you received could be a phish and that you should handle it with caution.

Verify the Source

Phishing content comes in a variety of ways. Many phish will try to impersonate someone you may already know -- such as a colleague, service provider or friend -- to trick you into believing their malicious content is actually trustworthy. Don’t fall for it. If you sense any red flags that something may be out of place or unusual, reach out directly to the individual to confirm whether the content is authentic and safe. If not, break off communication immediately and flag the incident through the proper channels.

Be Aware of Vishing and Other Phishing Offshoots

As awareness has spread about phishing, bad actors have switched up their phishing efforts beyond email. Voice phishing -- or vishing -- has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization -- such as a healthcare provider or insurer -- and asking for sensitive information. Simply put, be wary of any sort of communication that asks for personal information, whether it be via email, phone, or text -- especially if the communication is unexpected. If anything seems suspicious, break off the interaction immediately and contact the company directly to confirm the veracity of the communications.

Phishing is an oldie but a goodie, and that’s because it works.

In honor of "Fight the Phish," I've released a brand new guide to help you catch that email. In this complimentary guide you'll receive 5 hot tips to have you catch that phish before it catches you. Snag it now at

Do you want to learn more about vishing? Head over to Facebook and watch this Two Minute Tip on Vishing.

