Video: What is Phishing?


October is Information Security Month! In honor of this, Information Security Manager Arthur Fontanilla is sharing his top cybersecurity tips. With over 20 years of network security experience, Arthur is an expert in conducting security assessments and managing the information security of both private and public organizations. In this video, he discusses what phishing is and how you can avoid it.

Click here to learn more about Acuative's managed security offerings.


This is Arthur Fontanilla, Information Security Department Manager, and October is Information Security Month, so we have a couple of tips to let you know about. Let's begin.

What is Phishing?

Phishing attacks use forged emails and fraudulent websites designed to fool recipients into divulging personal data such as credit card numbers, account usernames and passwords, social security numbers, and other sensitive information. Phishing is a form social engineering that tricks users into believing that they are receiving communication from a valid organization, financial institution, or someone they actually know, when in fact they are not. Although we have protective measures to prevent these types of emails from reaching us, some still do arrive. We stop thousands, but unfortunately, one or two still get through our filters.  

What can I do to protect myself from Phishing?

Alright, let's take these steps:

•    If you get an email or pop-up message that asks for personal or financial information, do not click on any links, reply or respond. Contact the helpdesk immediately and ask for assistance. Legitimate companies will never ask for confidential information via email.
•    Don’t email personal or financial information through your corporate account or through your personal account. These sites may actually be fraudulent and may be tricking you into entering confidential information. Never rush through web pages, especially when dealing with financial or confidential sites.
•    Be very cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. That includes Word, Excel, program files, etc. These files can contain viruses or other software that can weaken your computer’s security.

A popular trick among hackers is to send an email from 'your boss.' They know who your boss is using their public information, and they could send and spoof an email to you and trick you into divulging or sending information or money. I've run across that twice in my career. A 'boss' sent an email to an employee asking them to buy five Amazon gift cards. The employee did this right away and sent the gift card numbers to the fraudulent boss email. Unfortunately, he lost all the money.