CollisionWeek

Your source for the latest collision repair industry news, statistics and trend analysis.

  • News
  • Research
  • Feature
  • Subscribe
You are here: Home / News / Federal Agencies Publish Guide on Preventing Phishing Intrusions

Federal Agencies Publish Guide on Preventing Phishing Intrusions

October 19, 2023 By CollisionWeek Editor

Guide helps organizations understand what malicious actors are doing so defenders can adopt appropriate mitigations to phishing.

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) published “Phishing Guidance, Stopping the Attack Cycle at Phase One” to help organizations reduce likelihood and impact of successful phishing attacks. It provides detailed insight into malicious actor techniques, as well as technical mitigations and best practices to help prevent successful phishing attempts.

A form of social engineering, malicious actors commonly use phishing with the intent to get their targeted victims to visit an illegitimate website or to download malware. To help organizations better understand this activity, this guide categorizes phishing into two common tactics: phishing to obtain login credentials and phishing to deploy malware. It expands upon the two tactics by detailing the techniques frequently used by these actors, such as impersonating supervisors/trusted colleagues, using voice over internet protocol to spoof caller identification, and using publicly available tools to facilitate spear phishing campaigns.

“For too long, the prevailing guidance to prevent phishing attacks has been for users to avoid clicking on malicious emails. We know that this advice is not sufficient. Organizations must implement necessary controls to reduce the likelihood of a damaging intrusion if a user interacts with a phishing campaign – which we know many users do, in every organization,” said Sandy Radesky, Associate Director for Vulnerability Management, CISA. “With our NSA, FBI, and MS-ISAC partners, this guide provides practical, actionable steps to reduce the effectiveness of phishing as an initial access vector. We also know that many of the controls described in this guide can be implemented by technology vendors, reducing burden and increasing security at scale. We strongly encourage all organizations and software manufacturers to review this guide and implement recommendations to prevent successful phishing attempts – by design wherever possible.”

“Knowing how to navigate phishing danger is essential because anyone can fall victim to these attacks,” said Eric Chudow, NSA’s Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert. “Cyber threat actors are constantly evolving their techniques and harnessing new technologies to their advantage, including artificial intelligence. They are also finding it easier to deceive people who have transitioned to hybrid work environments and have fewer face-to-face-interactions.”

“Our goal in putting out this product is to provide organizations with the necessary knowledge to prevent them from falling victim to phishing,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division. “Cyber is a team sport, which is why we strive to arm our partners with the necessary tools needed in combatting malicious actors that use this intrusion technique.”

“Phishing continues to be the most successful method for gaining unauthorized access to state and local government networks,” said John Gilligan, CIS Chief Executive Officer. “Organizations and their employees must understand the risks posed by this attack vector and how to successfully identify and avoid phishing threats. This joint guide is a great reference for state and local organizations.”

This joint phishing guide is intended to be a one-stop resource to help all organizations protect their systems from phishing threats. All organizations, from small- and medium-sized businesses to software manufacturers, are encouraged to review this joint guide to better understand evolving phishing techniques and implement tailored cybersecurity controls and best practices to reduce the risk of compromise.

Filed Under: News Tagged With: Cybersecurity

Interview Sponsors

IBIS Publisher Partner

Login

Remember Me
Subscribe | Lost your Password?

Tags

AAA AASP/NJ Acquisitions Advanced Driver Assistance Systems Agreements Signed Annual Conference Auto Care Association Automotive Service Association Autonomous Vehicles Awards Axalta Coating Systems Board of Directors Boyd Group California Canada Career and Technical Education CARSTAR CCC Collision Industry Electronic Commerce Association Collision Repair Education Foundation Coronavirus Crash Champions Diagnostics Donations Earnings Electric Vehicles Florida I-CAR Lawsuits legislation LKQ Corporation National Auto Body Council Network Affiliations New Jersey New Vehicle Sales Non-OEM Parts Openings People PPG Industries Regulations Right to Repair Scholarships Texas United Kingdom Workforce Development

Recent Articles

  • CCC Partners with BMW to Help Drivers Connect with Certified Collision Repair Facilities and Take the First Step Toward Repair May 29, 2025
  • Crash Champions Selected as Hyundai Authorized Paint Repair Partner May 29, 2025
  • Auto Body Supplies and Paint Named BASF ColorSource Jobber of the Year May 29, 2025
  • Mercedes-Benz to Move North American Headquarters to Atlanta May 29, 2025
  • Tesla Reported to Launch Robotaxi Service in Austin, Texas June 12 May 29, 2025
  • Travelers to Sell Canadian Insurance Operations to Definity for $2.4 Billion May 28, 2025
  • Oklahoma Storage and Total Loss Administrative Charge Price Control Bill Becomes Law May 28, 2025

CollisionWeek Membership

  • Login
  • Lost Password
  • Membership Details
  • Register
  • Sponsors
  • Subscription Information
  • Terms of Use for CollisionWeek

More Information

About CollisionWeek
Contact Us
Privacy Policy
Event Calendar
Take the Collision Repair Business Conditions Survey

Copyright 1999-2025 - QuanDec Corporation - All Rights Reserved · Log in