This was a 'phishing' attack...fortunately, it was only a practical exercise...
October is Cybersecurity Awareness Month. Had this been a real phishing attack, you may have just given out your date of birth, social security number, banking information, usernames, passwords or created a vulnerability in our networks. Keep these tips in mind while online:
- Look carefully at the digital signature and the domain to see if it's a trusted source
- Don't forward suspicious looking e-mail
- Don't click on links or download documents unless it's a trusted source
- Create strong passwords (15 characters wither upper/lower case letters, numbers and special characters
- If you see something, say something
- Keep your Common Access Card secured at all times
- Need more training, click here.
- Send spam and suspicious e-mails to email@example.com
Indicators from the e-mail:
- External source & forwarded message: Subject: FW: [EXTERNAL]: military appreciation program - Columbia Employee Store Pass
- Unknown sender: From: James Keefer [firstname.lastname@example.org <mailto: email@example.com> ]
- Relevant to work: Columbia Employee Store Pass
Brought to you by your security office and public affairs. We are also not tracking WHO clicked on the link.