By Olaf van Tol, CIS IT Systems Manager
*Updated February 2023
With so much going on in our busy minds, busy lives, and even busier inboxes, it can be extremely easy to miss small but important details like authentic email addresses—and cybercriminals take great advantage of this.
They also take advantage of our beautifully designed websites when they steal our readily available logos and elements of our branding.
Like schools, organizations and businesses across all sectors, we proudly display our logo on our website. With a couple of clicks of a mouse, cybercriminals can steal our logo and use it to trick, phish, and scam our members into handing over information, and perhaps finances, with far-reaching impact.
When we are fortunate enough to spot dubious and untrustworthy emails before any damage is done, it’s because our members and global team are diligent, mindful and careful enough in that moment to notice that something doesn’t quite look right.
It’s happening right now. A group of cybercriminals is using our publicly available CIS logo in an attempt to scam or phish our members. From across our community, many members have contacted us to ask for verification: "Is this email really from CIS?"
What CIS members can look out for:
If the sender’s email address does not end in ‘@cois.org’ then you know the email is not from us.
This is what an untrustworthy, fake email can look like:
*For IT administrators working at our member institutions:
We use DKIM and SPF to authenticate the emails our staff send out: DKIM signs each message, and SPF lists the servers allowed to send mail for our domain. IT administrators can configure DMARC checking for their organization to use these results for automatic filtering, so that the email system filters directly to spam those emails that claim to be from CIS but are clearly not. This reduces the burden on staff members to verify and identify suspicious emails.
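One way a member institution's mail gateway could act on those results, shown as an added example that is not CIS's own code. The authserv-id `mx.school.example`, the three verdict names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

CIS_DOMAIN = "cois.org"                 # sender domain stated in the article
TRUSTED_AUTHSERV = "mx.school.example"  # assumption: authserv-id of your own gateway

def aligned(domain):
    """Relaxed alignment: cois.org itself or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return domain == CIS_DOMAIN or domain.endswith("." + CIS_DOMAIN)

def auth_results(msg):
    """Yield (method, result, domain) from Authentication-Results set by our gateway."""
    for header in msg.get_all("Authentication-Results", []):
        text = re.sub(r"\([^)]*\)", "", str(header))   # drop header comments
        authserv, _, rest = text.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue                                   # sender-supplied, never trust
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim)\s*=\s*(\w+)", clause, re.I)
            prop = re.search(r"(?:smtp\.mailfrom|header\.d)\s*=\s*(\S+)", clause, re.I)
            if m:
                domain = prop.group(1).rsplit("@", 1)[-1] if prop else ""
                yield m.group(1).lower(), m.group(2).lower(), domain

def classify(raw):
    """Return 'not-cis', 'deliver' or 'quarantine' for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if not sender.endswith("@" + CIS_DOMAIN):
        return "not-cis"       # the article's rule: not @cois.org, not from CIS
    for _method, result, domain in auth_results(msg):
        if result == "pass" and aligned(domain):
            return "deliver"   # SPF or DKIM passed for a domain aligned with From
    return "quarantine"        # claims cois.org, but no aligned pass recorded

# Constructed sample messages (not real CIS mail).
GENUINE = ("Authentication-Results: mx.school.example; spf=pass smtp.mailfrom=cois.org;"
           " dkim=pass header.d=cois.org\nFrom: CIS <info@cois.org>\nSubject: Webinar\n\nHello\n")
SPOOFED = ("Authentication-Results: mx.school.example; spf=pass"
           " smtp.mailfrom=bulk-mailer.example; dkim=none\n"
           "Authentication-Results: relay.sender.example; dkim=pass header.d=cois.org\n"
           "From: CIS <info@cois.org>\nSubject: Invoice\n\nHello\n")
LOOKALIKE = "From: CIS <info@cois-org.example>\nSubject: Invoice\n\nHello\n"

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE)):
        print(name, "->", classify(raw))
```

The check only reads results recorded under your own gateway's authserv-id, so the gateway must strip any inbound header that already carries that identifier before adding its own.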
What else can you do?
- Webinars: Members can log in to the CIS Community portal for schools and universities and visit the webinar library for a variety of webinars on this topic.
- Resources and guidance: There is a wealth of expertise, guidance and resources on cybersecurity and data protection on the CIS Perspectives blog.
We do not sell data about CIS members to any organization.
Anyone offering to provide or sell CIS member data is in no way affiliated with CIS.