Federal Agencies’ Joint Anti-Phishing Manual Bares How to Avoid Hackers’ Traps

The Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Multi-State Information Sharing and Analysis Center and the FBI issued on Wednesday their jointly developed manual identifying malicious cyber tactics and countermeasures against hackers. 

The agencies’ work, titled “Phishing Guidance, Stopping the Attack Cycle at Phase One,”  details two common hacker objectives: phishing for login details and phishing for malware deployment. 

The guide further describes some cyberattack techniques, such as impersonation of users’ trusted connections and faking caller identification in the Voice over Internet Protocol system of mobile devices. 

The anti-phishing guide is an aid for all organizations to better understand evolving cyberattack approaches and the cybersecurity controls needed to counter them, CISA said.

The typical advice to avoid clicking links on suspicious emails is not enough, according to Sandy Radesky, CISA’s associate director for vulnerability management. 

The agencies’ joint guidance offers practical controls for end-users as well as technology vendors to reduce cyber vulnerabilities and potential phishing damage, she added.

The manual’s hacking avoidance suggestions include using phishing-resistant multi-factor authentication solutions, such as FIDO authentication to screen out emails with malicious links asking for usernames and passwords.