Letter from the CISO, Vol 2 Issue 4
Washington University Community:
What’s the best defense against the phishing attacks responsible for over 90% of cyber intrusions and breaches?
The simple answer is all of us working together. And “The Hook.”
Given time, attention, basic suspicion, and a little paranoia, we can all individually spot most phishing messages, especially with guidance about “Social Engineering Red Flags.” (If you haven’t read it before, please give it a look. It’s a quick read.)
But we are all also very busy, trying to race through our email so we can get to our important work, studies, or fun. We’re also wired for trust, not paranoia!
This is why the “all of us” part of my simple answer is vital.
Everyone at WashU is part of our Information Security team and on the lookout for phishing messages. Someone is sure to catch phishing messages, and we are safer together than we are as individuals.
But how do one person’s detection and reporting efforts protect all of us?
In advertising, “the hook” is the message that grabs someone’s attention and impels them to read the rest of the ad or watch the rest of the commercial. As I’m writing this, I keep thinking of Meghan Trainor’s song “All About That Bass.” That lyric and tune just won’t stop playing in my head, which means I’ve been hooked!
But the (cyber security) Hook we need to focus on is the “Phish Alert Button” (PAB) in Microsoft Outlook (on PCs, Macs, iPhones, and Android devices). This button lets you quickly and easily report a suspected phishing message to our Information Security experts for analysis. Unfortunately, the PAB looks different in different versions of Outlook, so check here for details.
So far, in our phish tests, about 10% of users report them. This is okay, but I think we can do better, so I’m writing about the PAB “Hook” today. I hope that by letting you know it is there and that it is important to use, we can improve our reporting rate to 20% or even 25%. This matters because the more quickly people report phishing messages, the faster we can deal with them.
Benefits of using the Hook
There are several benefits of using the Hook rather than forwarding suspicious messages to email@example.com, which was previously the preferred action. In short, using the PAB to report messages:
- gives you immediate confirmation if the message was a test.
- speeds our analysis of messages that aren’t malicious so we can let you know when that is the case and
- allows us to quarantine real phishing messages and protect every WashU user.
If you don’t use Microsoft Outlook, the PAB is unavailable to you, and you still need to forward messages to firstname.lastname@example.org. In this case, please forward it as an attachment so the InfoSec experts get the full message headers.
Technical aside: The speedier analysis mentioned in the second point above comes from getting the entire message, full headers included, into our analysis system. That system automatically analyzes the message, acknowledges your submission, and helps us give you the “all clear” if the message isn’t malicious, or remove all similar messages from every WashU mailbox if it is malicious. An inline forward strips the original headers (the Received chain, Return-Path, and Authentication-Results), which is exactly the evidence an analyst needs, so forwarding as an attachment is not a formality.
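To make the header point concrete, here is an added example (not part of this letter and not WashU’s analysis system) that builds two reports of the same constructed phishing message, one forwarded as a message/rfc822 attachment and one forwarded inline, and then tries to recover the original message’s headers from each. All addresses, hosts, and the Authentication-Results values are made up for the example.

```python
"""Why 'forward as attachment' matters for phishing reports.

Added example, not code from the CISO letter or the WashU analysis
system. It shows that only a message/rfc822 attachment carries the
original message's Received / Return-Path / Authentication-Results
headers through to the analyst. Every address, host and verdict below
is constructed for the example.
"""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Headers an analyst wants from the ORIGINAL message, not the reporter's.
ANALYSIS_HEADERS = ("From", "Return-Path", "Reply-To", "Received",
                    "Authentication-Results", "Message-ID")

# Constructed phishing message (hypothetical hosts/addresses). Note the
# spoofed display From vs. the Return-Path and Reply-To domains.
ORIGINAL_PHISH = b"""Return-Path: <bounce@mail.example.net>
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.edu with ESMTP id abc123; Mon, 1 Jan 2024 09:00:00 -0600
Authentication-Results: mx.example.edu; spf=fail smtp.mailfrom=example.net;
\tdkim=none; dmarc=fail header.from=example.edu
Message-ID: <phish-0001@mail.example.net>
From: "IT Help Desk" <helpdesk@example.edu>
Reply-To: helpdesk-reset@example.net
To: user@example.edu
Subject: Your mailbox will be deactivated
Content-Type: text/plain

Click here to keep your account: http://example.net/reset
"""


def _parse(raw: bytes) -> EmailMessage:
    return BytesParser(policy=policy.default).parsebytes(raw)


def forward_as_attachment(original: bytes, reporter: str, dest: str) -> bytes:
    """Report that carries the original as a message/rfc822 part, which is
    what Outlook's 'Forward as Attachment' (and the PAB) produce."""
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = dest
    report["Subject"] = "FW: suspected phishing"
    report.set_content("Reporting this message; it looks suspicious.")
    report.add_attachment(_parse(original))  # becomes message/rfc822
    return report.as_bytes()


def forward_inline(original: bytes, reporter: str, dest: str) -> bytes:
    """Plain 'Forward': only the body and a few display headers survive,
    pasted as text; the transport headers are gone."""
    orig = _parse(original)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = dest
    report["Subject"] = "FW: " + orig["Subject"]
    report.set_content(
        f"-----Original Message-----\nFrom: {orig['From']}\n"
        f"Subject: {orig['Subject']}\n\n{orig.get_content()}")
    return report.as_bytes()


def extract_original_headers(report_bytes: bytes) -> dict:
    """Return ANALYSIS_HEADERS of the reported message, read from the
    message/rfc822 attachment. An inline forward has none, so {}."""
    for part in _parse(report_bytes).walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)  # the embedded message object
            return {name: [str(v) for v in original.get_all(name)]
                    for name in ANALYSIS_HEADERS if original.get_all(name)}
    return {}


def auth_failures(headers: dict) -> list:
    """Mechanisms (spf/dkim/dmarc) the receiving MX recorded as 'fail'."""
    results = " ".join(headers.get("Authentication-Results", []))
    return [mech for mech, verdict in
            re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results)
            if verdict == "fail"]


if __name__ == "__main__":
    for label, builder in (("attachment", forward_as_attachment),
                           ("inline", forward_inline)):
        hdrs = extract_original_headers(
            builder(ORIGINAL_PHISH, "user@example.edu", "report@example.edu"))
        print(label, "->", sorted(hdrs), "failures:", auth_failures(hdrs))
```

Run stand-alone, the attachment report yields the original’s Received, Return-Path, Reply-To and Authentication-Results headers and flags spf and dmarc failures; the inline forward yields nothing usable, because the only headers left are the reporter’s own.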
Thank you for reading and being part of the University’s Information Security team!
Good luck, and be careful out there!
-Chris Shull, CISO