Mindful clicking: A cyber threat brief with the FBI

An open laptop, dark screen, with light green vertical text, light green horizontal text, and a faint image of a person wearing a hoodie (you can't see their face).
(Image by vicky gharat from Pixabay)

One of the many events held to celebrate October as Cybersecurity month was the Cyber Threat Brief with Scott Hellman from the FBI. This live discussion, hosted by Stanford University, centered on the most common cyber threats the FBI sees, how people are targeted, and basic methods to protect yourself. 

The amount of damage cyber attacks cost is astounding. The average cost to a university from a ransomware attack is one million dollars, with the average cost of fixing a breached network at two million dollars. Unfortunately, it only costs the average cyberattacker $35 a month to launch attack campaigns. 

The most reported security event continues to be phishing attacks. Attacks that cause the most financial damage are Business Email Compromise (BEC) phishing attacks. The FBI estimates that almost two billion was lost through clicks in emails in 2020. 

Criteria found in most phishing emails include:

  • A change in business practice
  • Last-minute timing on a change or action needed
  • Urgency (must be done immediately)
  • A need for confidentiality

This type of email fraud was already happening regularly, and the FBI is finding there is even a higher risk now due to Covid, such as emails suggesting Covid as a reason for making a business change or using Covid-related phishing links that offer artificial vaccines, or some other Covid relief. Other common scams right now include false employment or unemployment claims and telework claims. 

While these phishing attacks are on the rise, Hellman says the most efficient way for users to ensure their safety is with what he calls “Mindful Clicking.” Emails are the most likely way individuals will be targeted, and Scott believes attackers count on their intended victims being busy and rushing through their emails. So remember to read through every email carefully and check every link before clicking. Refer to How to Spot Phishing and Other Scams and Phishing & Suspicious Email for more information on Phishing and how to protect yourself against these attacks. 

Author: Jennifer Wilkerson, ITS Information Assurance

Jen is the lead performance support analyst with ITS Information Assurance. You can reach her at jmruk@umich.edu.