By Olaf van Tol, CIS IT Systems Manager
With so much going on in our busy minds, busy lives, and even busier inboxes, it can be extremely easy to miss small but important details like authentic email addresses—and cybercriminals take great advantage of this.
They also take advantage of our beautifully designed websites when they steal our readily available logos and elements of our branding.
Like schools, organizations and businesses across all sectors, we proudly display our logo on our website. With a couple of clicks of a mouse, cybercriminals can steal our logo and use it to trick, phish, and scam our members into providing information, perhaps finances, that can have far-reaching impact.
When we are fortunate enough to spot dubious and untrustworthy emails before any damage is done, it’s because our members and global team are diligent, mindful and careful enough in that moment to notice that something doesn’t quite look right.
It’s happening right now. A group of cybercriminals is using our publicly-available CIS logo in an attempt to scam or phish our members. From across our community, many members have contacted us to ask for verification "Is this email really from CIS?"
What CIS members can look out for:
If the sender’s email address does not end in ‘@cois.org’ then you know the email is not from us.
This is what an untrustworthy, fake email can look like:
What else can you do?
- Webinars: Members can log in to the CIS Community portal for schools and universities and visit the webinar library for a variety of webinars on this topic.
- Resources and guidance: There is a wealth of expertise, guidance and resources on cybersecurity and data protection on the CIS Perspectives blog.
- Workshops: Our Data Protection workshops are a great source of information where these kinds of scenarios (phishing emails, gaining trust via social engineering, other forms of attack) get discussed and analysed and where advice is shared on how to protect against these kinds of threats. Our members will find updates for new workshops date via the Member Update newsletters.
We do not sell data about CIS members to any organization.
Anyone offering to provide or sell CIS member data is in no way affiliated with CIS.