Cybersecurity Awareness Month 2025
Dishing on “Ishing”
For Cybersecurity Awareness Month 2025, we’re shining the spotlight on one of the biggest threats to individuals and organizations: social engineering. Instead of trying to break into networks through technical vulnerabilities, cybercriminals often take the easier path, tricking people into giving up sensitive information. At its core, social engineering is about exploiting human trust. Rather than hacking machines, attackers “hack” people, using manipulation, urgency, fear, or curiosity to trick someone into clicking a link, sharing a password, or scanning a QR code. These tactics aren’t new, but they’re constantly evolving, and with AI tools and more sophisticated lures, they’re harder to spot than ever.
Like the SNL skit “Delicious Dish,” we’re going to be “Dishing on ‘ishing’” this year. Check out the information and resources below for four of the most common forms of social engineering: phishing, vishing, smishing, and quishing. Take a look at how you can protect yourself, along with a complete set of resources and fun tools you can use to help promote awareness of each of these forms of social engineering. Jump down to each “ishing” to get more:
- Phishing information, resources, and fun
- Vishing information, resources, and fun
- Smishing information, resources, and fun
- Quishing information, resources, and fun
Phishing: Don’t Take the Bait
Phishing is the most common type of social engineering. Attackers send fraudulent emails designed to look legitimate—maybe from your bank, your boss, or even a popular retailer. Their goal? Get you to click a malicious link or open an attachment. Signs of phishing emails often include:
- Urgent language like “Act now!” or “Your account will be closed.”
- Misspellings or slightly “off” logos.
- Links that don’t match the sender’s supposed website.
- Unexpected attachments.
How to protect yourself from phishing:
- Pause before you click. Hover over links to check the real destination.
- Verify the sender. If an email feels suspicious, confirm through another channel.
- Report it. At work, use your “Report Phish” button or forward the email to your security team.
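For security teams, two of the checks above (links that don’t match the sender’s supposed website, and a real destination that differs from the text you see) can be automated. The Python below is an added example, not part of the original campaign materials; the function names and the sample message are constructed for illustration, and it assumes any subdomain of the sender’s domain counts as a match.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)  # domain-like visible text

class LinkCollector(HTMLParser):  # collects (visible text, href) for each web link
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self._href, self._text = href, []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def same_site(host, domain):  # host is the domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

def check_links(raw_email):
    """Return {real destination host: [reasons]} for links that don't match."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    findings = {}
    for text, href in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN.search(text)
        if shown and not same_site(host, shown.group(0).lower().removeprefix("www.")):
            findings.setdefault(host, []).append("visible text names a different site")
        if sender and not same_site(host, sender):
            findings.setdefault(host, []).append("destination is outside the sender's domain")
    return findings

# Constructed sample message; all domains use the reserved .example TLD.
SAMPLE = """From: Bank Support <support@bank.example>
Content-Type: text/html

<p>Sign in at <a href="http://login.bank-secure.example/verify">www.bank.example</a>
or read our <a href="https://www.bank.example/help">help page</a>.</p>
"""
```

Running check_links(SAMPLE) flags only the first link, for both reasons; the help-page link passes because its host is a subdomain of the sender’s domain.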
PHISHING RESOURCES & FUN:
Song: Castin Out Lines (rap)
Song: Don’t Get Hooked (hip hop)
Song: Click No More (a rock ballad)
Cybersecurity Awareness Month Podcast – Phishing: The AI Evolution and How to Fight Back
Vishing: When the Scam Calls You
Vishing (short for “voice phishing”) happens over the phone. Instead of clicking an email, you’re tricked into handing over information during a call. A scammer might pretend to be from your bank, the IRS, or even your company’s IT department.
Common vishing tactics include:
- Caller ID spoofing to make the number look legitimate.
- Creating a false sense of urgency (“Your account will be frozen unless you confirm now!”).
- Asking you to “verify” sensitive information.
How to protect yourself from vishing:
- Hang up and call back. If someone asks for personal info, call the company back using a known number.
- Be skeptical of urgency. Real institutions don’t demand immediate action over the phone.
- Don’t give information out of the blue. If you didn’t initiate the call, be wary.
VISHING RESOURCES & FUN:
Song: Hang Up The Line (Barbershop Quartet)
Song: Don’t Call Me Cowboy (Country)
Cybersecurity Awareness Month Podcast – Vishing: How voice scams try to exploit you
Smishing: Dangerous Texts
Smishing is phishing over SMS (text messages). These messages might claim to be from your delivery service, your mobile provider, or even a government agency. They often include a malicious link designed to steal your credentials or infect your phone with malware.
Signs of smishing texts:
- Messages from unknown or odd phone numbers.
- Links shortened with services like bit.ly.
- Messages claiming you won a prize or need to “verify” an account.
How to protect yourself from smishing:
- Don’t click links in texts. Instead, go directly to the official app or website.
- Block and report the sender.
- Keep your phone updated so it has the latest security protections.
SMISHING RESOURCES & FUN:
Song: Text No Worries (Reggae)
Song: Block That Number (Pop)
Cybersecurity Awareness Month Podcast – Smishing: How to spot it if you got it (a text message scam)
Quishing: QR Code Traps
The newest social engineering scam on the block is quishing, short for “QR phishing.” It’s when attackers hide malicious links inside QR codes. You might see a sticker on a poster, a code on a flyer, or even one in an email. When you scan, it takes you to a fake site designed to steal your login or credit card information.
Quishing is effective because people don’t always check where a QR code leads—and scammers can place these codes anywhere.
How to protect yourself from quishing:
- Be cautious of random codes. If it’s on a poster or flyer, think twice before scanning.
- Check the URL. Your phone will show the destination—look carefully before clicking through.
- Use your company’s reporting tools. Treat suspicious QR codes the same as phishing emails.
QUISHING RESOURCES:
Song: The QR Code Blues (Jazz)
Song: QR Code Blues (Upbeat Jazz)
Song: Scan and Burn (Disco)
Cybersecurity Awareness Month Podcast – Quishing:
Why Cybersecurity Awareness Month Matters
According to industry research, more than 90% of cyberattacks start with social engineering. That means phishing, vishing, smishing, and quishing aren’t just buzzwords; they’re the frontline risks that everyone, from employees to executives, needs to watch out for. This Cybersecurity Awareness Month, our goal is to make learning about these scams memorable and even fun. By combining music, videos, tip sheets, and podcasts, there are multiple ways to absorb and share these lessons. Whether you’re an individual trying to protect your family or a security awareness and training leader rolling out a Cybersecurity Awareness Month campaign for employees, these resources are designed to help you.