The National Security Agency (NSA) has partnered with other U.S. agencies to warn against the risk of phishing attacks. 

The cybersecurity information sheet (CSI) “Phishing Guidance: Stopping the Attack Cycle at Phase One” outlines cybersecurity controls for information technology (IT) departments to reduce phishing attacks. Cyber actors employ a wide range of technologies and platforms to conduct phishing attacks.

Common vectors include short messaging system (SMS) text messages and chats in platforms such as Slack, Teams, Signal, WhatsApp, iMessage and Facebook Messenger. Such attacks may lure users into divulging their login credentials or clicking a malicious hyperlink or attachment which then executes malware. 

Read the full CSI here.