Assignment Task:
175 words each
Post 1:
I've read a lot about the dangers of spear-phishing, especially how it uses psychological tricks (CISA, 2021). Unlike generic phishing emails, spear-phishing targets specific people to steal sensitive info or money. Attackers often gather public information to make their emails appear convincing, playing on emotions such as trust or fear ("Counterintelligence tips," n.d.).
I can spot this kind of threat by paying close attention to the interaction instead of reacting on impulse. For instance, if I receive a desperate-sounding email that appears to come from my university's financial aid office and demands quick action, the fake urgency is a major warning sign (CISA, 2021). I make sure to check the sender's email address carefully for minor misspellings, such as swapping letters in the domain name. I also hover over links to verify the website URL before clicking (CISA, 2021).
While I can't stop cybercriminals from targeting my inbox, I can do things to lower my risk. My main tactic is out-of-band verification: if I receive an email requesting sensitive information, I confirm the request by calling the sender at a trusted, saved phone number ("Counterintelligence tips," n.d.). I also use Multi-Factor Authentication (MFA) on all my important accounts, so stolen passwords alone can't give an attacker access (CISA, 2021). In the end, staying aware of new social engineering tricks helps reduce the damage these threats can cause. Need Assignment Help?
References:
Avoiding social engineering and phishing attacks | cisa. America's Cyber Defense Agency. (2021, February 1).
Counterintelligence tips. (n.d.).
Post 2:
I love that this is the topic this week because I dealt with a cyber threat at work today. I work as a case manager in behavioral health care so the content on my work computer is highly sensitive information and any leak of that information would be a breach of HIPAA. Today when looking up a website that was supposed to be 'arrest.org', which shows you any arrest in any U.S. state, I accidently typed arrest.com, which immediately sent me a virus pop us. Not even 5 minutes later, I start receiving pop up after pop up that kept trying to get me to "get rid of the virus." Every time I cleared one away, 5 more came up. Luckily, the guys from IT were still in the office and able to help me. The person I was working within IT said that viruses like this have the ability to go into permissions and allow themselves to send popup without the user ever giving permission.
Luckily, pop up scams are pretty easy to identify, in this example, they were bright, unable to be closed, said "Protect Against Viruses" and "You Have A Web Virus" with a big Click Me button, and overall rather annoying. Though not all are like that. Some can look like they come from your software protection company, in emails, or just on the sides of whatever website you may be using. Unfortunately, you can't always tell which choices are the wrong ones till it's too late, like typing in the web address and it automatically taking you to the very obviously sketchy page.
The bright side, at least that I found, is that threats like these can be easier to avoid. They're goal is to create a sense of panic, to make you think you have been hacked immediately, when you haven't. They want you to panic bad enough to click them so the actual virus can be placed. In order to address and prevent pop up viruses like the one I dealt with today, the Federal Trade Commission suggests using security software, recognizing common threats like phishing emails or fake security warnings, and avoid risks like using unfamiliar websites and downloading free stuff or content from emails you don't recognize (FTC, 2025).
I got very lucky that I was still at work when this happened and that I work with a team of people who could help.
FTC. (2025). Malware: How To Protect Against, Detect, and Remove It. Consumer Advice. Federal Trade Commission.