• Beware of public Wi-Fi & use a Virtual Private Network (VPN) whenever possible. CFPB laptops use Always on
VPN, which allows Bureau users to work more efficiently regardless of location. If you have a CFPB laptop and an
internet connection, then you are automatically connected to the CFPB VPN. It’s a more secure and consistent
experience from any location.
Check out additional resources to help you stay safe, avoid scams, prevent identity theft.
April 01, 2021 | CyberWise - How to stay safe online –
in the pandemic and beyond
Follow these top tips to stay safe online to protect both yourself and your CFPB network.
• Never share personal details Keep your full name, date of birth, and other personal information
private; never post personal information in public and check your privacy settings on any website for
which you have an account- especially social media sites- to check your information is secure.
• Watch out for scams 2020 saw an explosion in health-related social engineering attacks, as
criminals tried to leverage peoples’ fears around coronavirus and desperation for a vaccine. Be sure to
check the sender’s email address and any links they ask you to click; and if you can, navigate to the
relevant website yourself.
• Choose a strong passphrase Don’t reuse the same password or passphrase between sites or
accounts. Be sure to never share it with anyone else and avoid storing it or leaving yourself logged in
on shared devices.
• Keep your device secure While using your CFPB work-supplied laptop or device, continue to ensure
the Always on VPN (AOVPN) is in use. For personal devices, try and utilize a VPN and set up two-
factor authentication for as many of your online accounts as possible.
To learn more check out this here’s how to stay safe online – in the pandemic and beyond article
published by the National Cybersecurity Alliance.
March 31, 2021 | CyberWise - Angler phishing
Email is the most common way to be on the receiving end of a phishing attack, but it’s certainly not the
only way. There’s also angler phishing. Angler phishers use social media to target you, often
impersonating real brands and extracting personal information from you under the guise of customer
service. Next time your favorite National Pizza tries to help you with a pizza order in response to your
disgruntled tweet, take a second to double-check whether that’s really @nationalpizza and not
@nationalpizzaplace. (Hint: look for that blue checkmark to confirm the account is verified).
Recommendations to avoid these threats:
• Examine the actual email address to ensure it is from CFPB. While the email sender alias might
appear to be the name of your supervisor or other high-profile CFPB individual, the email address
itself will often not be a CFPB email Address
• Watch out for vague language or a generic request to click on a link or enter information
• Call the individual personally if possible, to see if the message was legitimate
• Check out the CFPB Phishing Awareness site for more phishing reporting guidance
• If you believe you are being targeted by a phishing campaign, please do not open the attachment –
Click the “Report phishing” button in outlook or send as an attachment to
Check out the recently published Phishing: Staying Off The Hook article by Living Security, a
cybersecurity training platform, to learn more.