Protect Your Email

Phishing is a form of social engineering in which a cyber threat actor poses as a trustworthy individual or organization to lure a victim into providing sensitive information or network access. Once the actor gains initial access, they may be able to interrupt or damage systems, escalate user privileges, and maintain persistence on compromised systems to enable future attacks.

Use these resources to mitigate against phishing:

• Election Infrastructure Cybersecurity Readiness and Resilience Checklist - This checklist provides a series of questions to guide the decision-making necessary to prepare for potential cybersecurity incidents.
• Multi-factor authentication (MFA) - This fact sheet provides an overview of MFA and explains how to implement a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login.
• Malicious Domain Blocking and Reporting (MDBR) - A free service offered to EI-ISAC members; this quick-to-configure and easy-to-deploy cloud-based secure domain name system (DNS) service prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats.
• Endpoint Security Services (ESS) - A free service to EI-ISAC members, ESS is a solution deployed on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts.
• .Gov Domain - Transition official government domains to a top level .gov domain. This makes it easy to identify governments on the internet and using a .gov domain shows you’re official.
• Phishing Guidance: Stopping the Attack Cycle at Phase One - This guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers.
• Phishing Postcard - This postcard explains phishing, provides signs of phishing, and lists tips to help prevent falling victim to phishing.