From its website, the Department of Homeland Security’s (DHS) mission is “to secure the nation from the many threats we face.” In essence, the DHS’s job is to create trust, for Americans, in their own security. So, it shouldn’t come as any surprise that hackers would try to exploit that trust by launching an email phishing scam that impersonates email alerts from the DHS.
According to the Cybersecurity and Infrastructure Security Agency (CISA), whose parent is the DHS, “The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.”
Hackers have a pretty simple playbook. Figure out what people trust and exploit that trust to launch an attack. Phishing attacks aren’t about technology, they’re about trust exploitation. So, in that regard, the DHS phishing attack is no different from any other phishing attack.
So, how do you protect yourself from phishing email masquerading as a DHS alert? The same way you protect yourself from all email-based phishing attacks. With technology that isn’t easily tricked by spoofed email addresses and fake websites. With our cloud-based email threat protection that includes real-time link scanning and smart quarantine to protect against display name spoofing, domain name spoofing and malicious attachments.
Phish Protection protects against spear phishing, ransomware, CEO fraud, impersonation, and other sophisticated email attacks with advanced threat defense. It integrates seamlessly with Office 365, on-premise email solutions and cloud-hosted email solutions. It also works with any device including Mac, Windows, iOS, Android or Linux. Over 1,000 satisfied customers. No contracts. Full price transparency.