The Cybersecurity and Infrastructure Security Agency (CISA) released information on the nature of social engineering and phishing attacks, and how an organization or individual can avoid them. Social engineering involves an interaction between people where the attacker attempts to use social skills and questioning to gain information and infiltrate an organization. Phishing and its variants, vishing and smishing, are social engineering attacks that all involve using some form of communication (emails, calling, SMS, etc.) to obtain information from a desired source. They provide indicators of phishing attacks, such as suspicious email addresses, attachments, or spelling/grammar errors. To avoid these attempts, CISA suggests being suspicious of communications from unknown persons, and keep sensitive information a secret over the internet. Any individual or organization that falls victim to leaking information should report to the appropriate people and take actions to keep financial records and passwords.
