Three days ago, I received the following phishing text:
Now, there are a host of indicators that this text did not actually come from Amazon…not the least of which is that Amazon doesn’t send this type of text. But just looking at the message, I can quickly identify 9 clear clues that it’s not legit (10 if I hadn’t hidden the website link; I don’t want anyone to go there and get malware because of this blog post. You’re welcome).
But the scammers, the cyberattackers, they aren’t targeting people like me. Well, that’s not completely true. They ARE targeting me: me when I’m tired, me when I’m overwhelmed, me at the end of a long day, or me early in the morning pre-caffeine. They are targeting me when I’m not vigilant. In fact, the recent Uber attack, and several others, took advantage of what’s called MFA Fatigue. MFA Fatigue is when an attacker sends multi-factor authentication (MFA) requests over and over until you just give up and approve one. You know, like when you give up and buy the kids (or grandkids) ice cream because they just won’t stop asking!
The situation is clear. For the attackers, success is a game of both numbers and strategy. It’s a game of numbers in that even though you and I aren’t very likely to fall for a phishing text like the one above, a small percentage of people will. The attackers then reap their profit or unauthorized access. It’s a strategic game because as more and more people learn what tactics are being used in attacks, attackers must keep changing up their methods, trying new and less obvious strategies to get people to click.
In our NIST Cybersecurity Framework courses, we work with IT and cybersecurity professionals to show them comprehensive methods to secure their organizations. But to be completely transparent, those individuals are generally not the ones we need to worry about being the source of a breach. It’s all of us just doing our daily work. We aren’t interested in and don’t need NIST framework training or certification. We just want to do the best possible job for our employers. Even so, we can’t ignore cybersecurity, and it would serve all of our organizations, and the security in our personal lives, if we had some appropriate, effective cybersecurity training.
On that topic, wouldn’t it be great if your workforce, or even you, could get some high-quality cybersecurity defensive strategy training? Wouldn’t it be great if it could help anyone, from the accountant to the HR professional, to the CEO, to the IT geek? Wouldn’t it be really great if it was FREE?
Well, guess what, we have exactly that coming up! Just in time for National Cybersecurity Awareness Month, we are offering a free, short (it’s only an hour!) webinar entitled CyberSAFE End User Cyber Awareness Training. The presenter is Jon O’Keefe, a seasoned cybersecurity professional who gives incredibly valuable information in a fun and engaging fashion. I am so excited to offer this opportunity to all of your staff. This one-hour webinar is open to anyone, and everyone will benefit from attending. Did I mention that you will also get a copy of the course materials so you can later go back and review all of Jon’s great security tips?
This is something you may want to sign up for yourself and forward to your team and to anyone else you know with an interest in keeping your organization secure. Again, this is for everyone, not just all you security junkies. So, click here, or here, or even here to register. (Yes, they’re all the same, just checking to make sure you’re paying attention.)
Hope to have you join us on October 25 at 11:00 am Central time!
-Troy Stoneking, Certified NIST Cybersecurity Framework Professional Trainer and Cybersecurity Assessor