You have likely heard about “phishing” and the need to
protect your account credentials from this email threat. But that's not the end of nautically-themed threats of which there are "spear phishing” and “whaling.”
Spear phishing is a targeted phishing
attack that may be harder to spot right away. One example of a spear phish is an email that looks a lot like one you would normally receive, such as
an HR announcement about tax forms or benefit enrollment.
Whaling steers this
kind of attack to the leviathans by targeting highly placed individuals in an
organization. One example might be a request for approval for a funds transfer,
or it might take the form of an urgent request to view a subpoena or other
legal document, requiring the download of a browser add-on to access the document.
The “browser add-on” might really be a key logger that can then record
everything the executive does on their computer.
If all this wasn’t enough, there is one more new threat to
worry about… “vishing.” Vishing is like other forms of phishing with the added
complication of directing the victim to a telephone number where they will be
prompted to give up personal information, adding in some social engineering for scamming that has existed as long as the telephone has been around.
Remember—never divulge passwords, social security number,
or financial account details to email or voice mail requests. Contact the
appropriate department or company via a known, valid phone number, email, or
website to verify any requests. If you have questions about any messages you
receive to your NAU email or voicemail accounts, call the Solution Center at
523-1511. You may also report NAU-related spear phishing attempts.
Remember: the only good phishing is the kind you do at the
lake on your day off!