You have fallen for an authorized simulated email phishing attack coordinated by Kanza Cooperative Association and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Please be sure to read this entire message to confirm next steps and to address any concerns about whether this is from Francisco and Josh.
What is a Phishing Attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal or company information by posing as a legitimate organization. For example, an attacker may send an email that appears to come from a reputable credit card company or financial institution and requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. Attackers may use these same methods to obtain information about an organization in an attempt to compromise its computer systems.
What Should You Do Now?
First, please do not share with others that an email phishing campaign is underway. Kanza Cooperative’s IT Department would like to receive an accurate assessment during this campaign. Do check with your designated security point of contact if you have concerns about the legitimacy of this exercise.
Second, no one will be individually identifiable during this campaign. The Department of Homeland Security is conducting this campaign and does not reveal individual email identities. Our objective is only to educate.
Finally, do you know where to report suspected phishing attacks within your organization?
What should you do when you receive a phishing email?
Follow your organization’s standard procedures for dealing with suspected phishing emails. This may include reporting any suspicious email activities to your IT Helpdesk, SOC, or other appropriate designated point of contact, and/or deleting the suspected phishing email.
Upon completion of this email phishing campaign, your organization’s information security team will share statistical results and distribute information on how to avoid becoming a victim of an email phishing attack.