Cyber Security Awareness Month – Does something seem phishy? Don’t click the link!

December 15, 2020 – Defence Stories

October is internationally recognized as Cyber Security Awareness Month (CSAM). Throughout the month, a series of initiatives raised awareness among Defence Team members on cyber resilience and how to better protect yourself and the department in the cyber domain.

One of these activities included a simulated phishing exercise.

What is phishing?

Phishing is the act of sending an authentic-looking – but fake – email to a user in which the sender claims to be a legitimate financial institution, government department, recognized business or trusted individual.

A phishing email generally contains a link or a malicious attachment that executes a program called “malware” or directs the user to visit a website where the user is fooled into providing personal information such as passwords, credit card details, social insurance, passport or bank account numbers.  

What about the simulated phishing exercise?

During the exercise, a randomly selected sample of Defence Team members received emails from what looked like familiar senders. Emails with the following subject lines were used for the simulated phishing exercise: 

• “Defence Team News”
• “Microsoft Defence 0365 Account Recovery”
• “Make the most of GCLearning- Mandatory Online Training Requirements for all DND Staff”, and 
• “Defence Learning”

If you have received one of these exercise emails and clicked on the link, you would have been redirected to an educational page outlining the correct way to deal with a phishing email, namely by paying special attention to the sender and link information. If you have deleted the email without clicking the link, you passed the test! If you also reported it to your Information System Security Officer (ISSO), even better!

Of course, you can continue to trust our Defence O365 Cloud, Defence Team News and Public Service School training notifications!

This email phishing exercise was intended to increase our awareness of phishing emails and how to deal with them. The exercise used emails with themes familiar to  Defence Team members and similar to those routinely used by malicious actors. Everyday, our cyber security systems block large volumes of these common attacks. Unfortunately, once in a while, one of them slips through. This is where we rely on each of you, as our last line of defence, to identify them successfully.

When in doubt, contact your Information Systems Security Officer (ISSO)

If you’re questioning the legitimacy of an email or pop-up, or have other information technology security concerns, it’s always best to contact your Information Systems Security Officer (ISSO) who is in the best position to provide an answer or know who to contact to get appropriate support.

For more information on phishing and other IT security risks and tips please visit the IT Security Risks and Tips page.