Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Awareness Month: Fight the Phish

CSAM 2021 Blog Image

This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Dr. Shaneé Dawkins, Computer Scientist in ITL’s Visualization and Usability Group. In this post, Shaneé  discusses Phishing attacks and scams, as well as ways to keep your information protected.

How did you end up at NIST working on cybersecurity projects?

I have been a computer scientist in ITL’s Visualization and Usability Group for about 10 years conducting research on the human aspects of information technology. At the end of 2019, an opportunity was presented to join the group’s Usable Cybersecurity program and I jumped at the chance. I always kept up-to-date on the program’s research projects, so I was very excited to join something that had such a great real-world impact. Six months later I became the project lead for our phishing effort, studying human susceptibility to phish emails.

What does being ‘Cyber Smart’ mean to you when it comes to phishing attacks?

Being Cyber Smart means having the awareness that anyone can be phished, and being on guard to protect yourself and your organization against phishing threats. When you receive an email, pause a moment to process the message and its content. Being Cyber Smart is not falling for common tactics – such as limited time offers or offers too good to be true – used by attackers to elicit a rash judgment under pressure, compelling you to click a fraudulent link or download a malicious attachment. Being Cyber Smart when it comes to phishing attacks is to stop and think about an email’s sender and the message’s content before you click.

What does the average person need to know about phishing?

Attackers can reach you through different avenues, including email or text message. Anyone can be phished – Phish can be sent to your work email address or personal email address. You may think you do not have access to anything worth stealing, but all of us are targets, not just upper management. Anyone can be an entry point to infect and expose a larger organization. Anything can be spoofed – the sender’s email address, the content of the message, URLs, logos, everything!

What is your favorite thing about working at NIST?

NIST offers such a unique opportunity to do research that I enjoy with such amazing scientists. I am also able to learn about so many interesting topics from world-renowned scientists across NIST. Most of all, the work we do has such a great and positive impact on the real-world, addressing actual problems that people face!

Anything else you would like to add?

More information about our Usable Cybersecurity program is at https://csrc.nist.gov/Projects/Usable-Cybersecurity. In addition to the phishing project, we have research projects on usable privacy, cybersecurity adoption and awareness, the Internet of Things, authentication, and more!

About the author

Shaneé Dawkins

Dr. Shaneé Dawkins is a Computer Scientist in the Visualization and Usability Group at NIST, where she performs research focusing on human centered design and evaluation guidelines and standards. She...

Comments

Add new comment

  • This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA
    Enter the characters shown in the image.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Posts that violate our comment policy will not be posted.