Be cyber smart: Fight the phish

Key Takeaways

The term “phish” has taken on a life of its own in these past few years. Those pesky “fake” emails look so real these days. No longer do the “mis-spellings catch us up.” But rather it’s the fact that those emails look like they are coming from a trusted individual or a trusted company (like Microsoft). And it’s not just the emails, it’s the text messages we now receive, personally addressed to us.

Let’s dive in and see what to look for in current phishing trends:

• Many of us now have an “external email banner” or text that displays on incoming emails is to help us recognize phishing emails. If the email sender looks like a county employee or your county elected official and that external email banner is displayed, then you know it is a phishing email and didn’t come from an internal employee.
• Does it look like it is coming from your county IT support? Remember, your county IT staff shouldn’t be asking for your credentials or login information!
• Did you really order that Amazon shipment?

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:

• say they’ve noticed some suspicious activity or log-in attempts
• claim there’s a problem with your account or your payment information
• say you must confirm some personal information
• include a fake invoice
• want you to click on a link to make a payment
• say you’re eligible to register for a government refund
• offer a coupon for free stuff

Learn More

Many counties are conducting local Cybersecurity Awareness Month activities. In this video, Alameda County, Calif. kicks off the month with guidance from Supervisor Keith Carson.

Hackers took advantage in the recent COVID-19 pandemic. Emails asking you to donate to fraudulent charities or causes were common, as were emails appearing to be from the Social Security Administration informing you that your Social Security number (SSN) was suspended, in hopes you will reveal your SSN or pay to have it reactivated. There have also been economic payment scams targeting stimulus payment recipients. We need to continue to be on the lookout for criminal fraud related to COVID-19 economic impact payments as well. Particularly, where fraud referencing the coronavirus results in the theft of personal and financial information.

As you navigate the online world, here are some important tips to keep in mind that will help you avoid becoming a victim:

• If it went into your junk email, nine times out of 10, it’s junk
• If you think it’s real, pick up the phone and call the person (or send them a separate email). I just did that the other day
• Think before you act
• Protect your personal information
• Please…please…please be wary of hyperlinks
• Double your login protection with multi-factor authentication (i.e., in addition to a password at the login screen, receive a 4-digit pin on your cell)
• Shake up your password protocol – it is not uncommon for login credentials to be stolen and made available to hackers on the dark web (the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable). It is a good practice to change your password naming routine on a regular basis
• Make sure you have anti-virus software on your devices (i.e., your personal cell phone and electronic notepad). This was especially important during the early months of COVID-19, when some counties needed to allow personal devices to access county resources
• Type website URLs directly into a Google or a Bing search instead of clicking on links or cutting and pasting from the email. Oftentimes this will display results that verify the URL is fake
• Ask your IT support to conduct “phishing” tests as well as provide education for those employees that fail those tests

In the unfortunate event that you discover you are a victim of cybercrime, immediately notify authorities to file a complaint. Keep and record all evidence of the incident and its suspected source. The list below outlines the government organizations that you can file a complaint with if you are a victim of cybercrime:

• FTC.gov: The FTC’s free, one-stop resource, www.identitytheft.gov can help you report and recover from identity theft. Report fraud to the FTC at www.ftc.gov/OnGuardOnline or www.ftccomplaintassistant.gov
• US-CERT.gov: Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or https://us-cert.cisa.gov/. Forward phishing emails or websites to US-CERT at phishing-report@us-cert.gov
• IC3.gov: If you are a victim of online crime, file a complaint with the Internet Crime Complaint Center (IC3) at www.IC3.gov.
  • www.SSA.gov: If you believe someone is using your SSN, contact the Social Security Administration’s fraud hotline at 1-800-269-0271.

During this month of cyber security awareness, hone your cyber awareness skills! For additional guidance, visit: Cybersecurity Awareness Month 2021 - Phishing Tip Sheet.