About 156 million phishing emails are sent around the world every day, so it’s important that you stay vigilant both at work and in your personal lives.

Lifecycle of a phish

Cybercriminals start by choosing someone or a group of people they want to target and the type of information to which they want to gain access. Their goal may be to get Veteran financial or health information or to release ransomware into a system and demand ransom money from the users.

Attackers often compromise their host with a phishing email – or it can be via text or phone call. The victim clicks on a malicious link or reveals the information that the attacker is seeking, believing the email is real. Once they bite, the damage is done. There’s no way to return the information or undo the click. It only takes one successful phishing attack to compromise your network and steal your data, so it’s crucial to “Think Before You Click” and avoid falling for phishing attempts in the first place.

What to do when something smells phish-y

Phishers use emotions like fear, curiosity, urgency, and greed to compel you to open attachments or click on links. The attacks appear to come from real companies or individuals because cybercriminals are becoming more sophisticated every day. Never reveal personal or financial information in an email, don’t respond to email solicitations for information, and don’t follow links in emails that you don’t trust. If you’re unsure whether an email or text is real, try to verify it by contacting the company or sender directly.

Before sending or entering sensitive information in forms or websites online, check the security of the site. Make sure you see https:// in the address where the “s” stands for “secure.” You should also pay close attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may vary in spelling or be sourced from a different domain.

Some other helpful tips to keep in mind:

  • Use multi-factor authentication on all apps, accounts, and social platforms that offer it.
  • Monitor your online accounts regularly.
  • Keep your browser, installed programs, and security software updated.
  • Don’t click on email links from unknown sources.
  • Never give out personal information over email.
  • Block pop-up windows in your browser and never click links in them.
  • Track the latest phishing attacks so you know what to expect; for example, monitor resources such as:

By Submitted by VA’s Office of Information and Technology (OIT)

Share this story

Published on Feb. 22, 2022

Estimated reading time is 2.1 min.

Views to date: 1,300

One Comment

  1. Peter Kreutzfeldt March 8, 2022 at 9:35 am

    The VA is not on top of the game of privacy. I was ask to give a stool sample last month and on the container I was ask to give my DOB, SS #, and a number of other informative thing that would enable anyone to enter my Security system. Also when replying to a call from the Tampa VA pharmacy I was asked to type my SS number into the phone. Perhaps the VA IG needs to have a good look at their system of security.

Comments are closed.

More Stories

  • October is Cybersecurity Awareness Month (CSAM), and it’s time to remember that cybersecurity is everyone’s responsibility.

  • 2022 VHA Shark Tank competition finalists will present their pitches at the Innovation Experience in October.

  • More than 821,000 Veterans who want the convenience of an easy app on their smartphones are downloading VA’s Health and Benefits mobile app.