This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Dr. Shaneé Dawkins, Computer Scientist in ITL’s Visualization and Usability Group. In this post, Shaneé discusses phishing attacks and scams, as well as ways to keep your information protected.
I have been a computer scientist in ITL’s Visualization and Usability Group for about 10 years conducting research on the human aspects of information technology. At the end of 2019, an opportunity was presented to join the group’s Usable Cybersecurity program and I jumped at the chance. I always kept up-to-date on the program’s research projects, so I was very excited to join something that had such a great real-world impact. Six months later I became the project lead for our phishing effort, studying human susceptibility to phish emails.
Being Cyber Smart means having the awareness that anyone can be phished, and being on guard to protect yourself and your organization against phishing threats. When you receive an email, pause a moment to process the message and its content. Being Cyber Smart is not falling for common tactics – such as limited time offers or offers too good to be true – used by attackers to elicit a rash judgment under pressure, compelling you to click a fraudulent link or download a malicious attachment. Being Cyber Smart when it comes to phishing attacks is to stop and think about an email’s sender and the message’s content before you click.
Attackers can reach you through different avenues, including email or text message. Anyone can be phished – phish can be sent to your work email address or personal email address. You may think you do not have access to anything worth stealing, but all of us are targets, not just upper management. Anyone can be an entry point to infect and expose a larger organization. Anything can be spoofed – the sender’s email address, the content of the message, URLs, logos, everything!
NIST offers such a unique opportunity to do research that I enjoy with such amazing scientists. I am also able to learn about so many interesting topics from world-renowned scientists across NIST. Most of all, the work we do has such a great and positive impact on the real world, addressing actual problems that people face!
More information about our Usable Cybersecurity program is at https://csrc.nist.gov/Projects/Usable-Cybersecurity. In addition to the phishing project, we have research projects on usable privacy, cybersecurity adoption and awareness, the Internet of Things, authentication, and more!