top of page

Rebecca Tatun

Oct 16, 2025

Trick or Treat? Know the Difference in Your Inbox

Howdy y’all,


Not only is October a spooky season, but it’s also Cybersecurity Awareness Month. One of the scariest cyber attacks is social engineering, especially when it comes to Criminal Justice Information (CJI). Attackers don’t need any fancy code or specialized tools; they just need you to trust their Halloween disguise, whether it’s impersonating your boss, IT, HR, or even your own family.


Common types of social engineering:

  • Phishing: Emails, phone calls, text messages, and even social media DM’s.

  • Spear Phishing: Similar to phishing, but these messages are more personalized. Example: an attacker disguises themself as your child asking for bail money.

  • Baiting: A false promise to users. Example: an advertisement promoting “Free, exclusive list of the most wanted criminals in your jurisdiction, updated daily.”

  • Scareware: An alarming pop-up message tricking the user to download malware. Example: WARNING! 5 viruses detected!!! Click now to remove viruses.


No matter how strong your system security is, a single human mistake can compromise everything. YOU are the strongest defense for your agency.


How to avoid being the next victim:

  • Don’t Trust, Verify: Be suspicious of calls, texts, or emails asking for sensitive information.

  • Look Closely: Check the sender’s email address and hover over links before you click.

  • Report It: If you suspect a message to be a social engineering attack, forward it to your IT team.


Your agency can increase CJIS compliance and battle threats by: 

  • Training your personnel with the appropriate knowledge to detect cyber threats and potentially malicious messages, annually [AT-2 and IR-2].

  • Implementing safeguards to deter unauthorized users from listening in or altering your data [PE-4].

  • Implementing spam protection protocols in your email services to filter for potential spam emails [SI-8].


As always, our team is here to help with CJIS compliance whether it's some consulting hours or a CJIS ACE assessment. You can reach out to us at info@cjisace.com.


Phishing is for fish. Stay human,

Rebecca Tatun

bottom of page