MS-ISAC: Phight the phish by learning to identify malicious emails

Error message
In order to filter by the "in queue" property, you need to add the Entityqueue: Queue relationship.-
County NewsOctober is Cybersecurity Awareness Month, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) wants to help empower the community with information on how to combat a cyber-attack known as phishing.MS-ISAC: Phight the phish by learning to identify malicious emailsOctober 11, 2021October 11, 2021, 11:45 am
-
County News Article
MS-ISAC: Phight the phish by learning to identify malicious emails
October is Cybersecurity Awareness Month, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) wants to help empower the community with information on how to combat a cyber-attack known as phishing. Phishing is when a cybercriminal sends an email that aims to trick the recipient into providing personal information or into becoming infected with malicious software that can steal such information or cause other forms of damage. The cybercriminal will often purport to be sending this email from a trusted or legitimate source, such as a known business or organization that you may commonly deal with.
Tactics used in phishing attacks commonly aim to lure you into opening attachments, responding with personal information, or clicking links that download malicious software or bring you to a fraudulent form for collecting your information.
Persuasive language and a sense of urgency are common ways that cybercriminals capture attention and accomplish their malicious goals. Common examples include fraudulent shipping notifications, false fraud warnings on your account, requests to verify information on your account, or offers that seem too good to be true.
Below are a few steps you can take to identify and appropriately react to Phishing emails.
- Check the email address of the sender. Carefully examine if the sender’s email address is correctly spelled, as attackers commonly may use a special character or one-letter spelling mistake to approximate a legitimate looking email address.
- Hover over links to see where they really go. By hovering your cursor over a link, you can see the address it will really take you to rather than simply what the displayed text says. Avoid clicking shortened links, especially when received from untrusted sources, as they cannot be easily examined in this way.
- Avoid opening attachments. Don’t open attachments from untrusted sources and be wary of ones you are not expecting to receive from known contacts.
- Don’t share personal or private information over email. Especially do not provide such information in response to an unsolicited email you received.
- When in doubt, contact the real organization or sender! If you aren’t expecting the email, it asks for personal information or credentials, or it seems suspicious, contact the person or organization through known contact methods. For example, if the email states it is from your bank and they urgently need to speak to you, call them through the customer support line you have used in the past or is publicly listed, not via the method referenced in the email.
- Report phishing emails. Report suspicious emails received at work to your Information Technology (IT) help desk or contact. Emails you receive personally can always be reported to www.ic3.gov.
Additionally, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has created a guide linked below to educate people on how to identify, understand, and safely or securely react to such attacks. The link to other CISA Cybersecurity Awareness Month resources is also below:
- Phishing tip sheet
- Cybersecurity Awareness Month publications
- To learn more about being cyber secure, head to the link below to find the MS-ISAC’s Monthly Cybersecurity Newsletter that has materials on a number of cybersecurity topics. Sign up here
October is Cybersecurity Awareness Month, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) wants to help empower the community with information on how to combat a cyber-attack known as phishing.2021-10-11County News Article2023-04-11
October is Cybersecurity Awareness Month, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) wants to help empower the community with information on how to combat a cyber-attack known as phishing. Phishing is when a cybercriminal sends an email that aims to trick the recipient into providing personal information or into becoming infected with malicious software that can steal such information or cause other forms of damage. The cybercriminal will often purport to be sending this email from a trusted or legitimate source, such as a known business or organization that you may commonly deal with.
Tactics used in phishing attacks commonly aim to lure you into opening attachments, responding with personal information, or clicking links that download malicious software or bring you to a fraudulent form for collecting your information.
Persuasive language and a sense of urgency are common ways that cybercriminals capture attention and accomplish their malicious goals. Common examples include fraudulent shipping notifications, false fraud warnings on your account, requests to verify information on your account, or offers that seem too good to be true.
Below are a few steps you can take to identify and appropriately react to Phishing emails.
- Check the email address of the sender. Carefully examine if the sender’s email address is correctly spelled, as attackers commonly may use a special character or one-letter spelling mistake to approximate a legitimate looking email address.
- Hover over links to see where they really go. By hovering your cursor over a link, you can see the address it will really take you to rather than simply what the displayed text says. Avoid clicking shortened links, especially when received from untrusted sources, as they cannot be easily examined in this way.
- Avoid opening attachments. Don’t open attachments from untrusted sources and be wary of ones you are not expecting to receive from known contacts.
- Don’t share personal or private information over email. Especially do not provide such information in response to an unsolicited email you received.
- When in doubt, contact the real organization or sender! If you aren’t expecting the email, it asks for personal information or credentials, or it seems suspicious, contact the person or organization through known contact methods. For example, if the email states it is from your bank and they urgently need to speak to you, call them through the customer support line you have used in the past or is publicly listed, not via the method referenced in the email.
- Report phishing emails. Report suspicious emails received at work to your Information Technology (IT) help desk or contact. Emails you receive personally can always be reported to www.ic3.gov.
Additionally, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has created a guide linked below to educate people on how to identify, understand, and safely or securely react to such attacks. The link to other CISA Cybersecurity Awareness Month resources is also below:
- Phishing tip sheet
- Cybersecurity Awareness Month publications
- To learn more about being cyber secure, head to the link below to find the MS-ISAC’s Monthly Cybersecurity Newsletter that has materials on a number of cybersecurity topics. Sign up here
-
Webinar
US Counties & Emerging Cybersecurity Trends
Sep. 13, 2023 , 1:00 pm – 2:00 pmSeptember 13th, 2023 | 1 P.M. Eastern Time -
Webinar
NACo Cyberattack Simulation: Ransomware
Sep. 11, 2023 – Sep. 15, 2023Presented by the NACo County Tech Xchange and Professional Development Academy -
Series
TechKnow Series: NACo Tech Xchange Overview – Resources and Tools for your CIO Strategy
Sep. 7, 2023 , 1:00 pm – 2:00 pmSeptember 7th, 2023 | 1 P.M. Eastern Time -
Webinar
The Modern Edge for County Government
Sep. 6, 2023 , 1:00 pm – 2:00 pmModernization with Juniper AIOps (artificial intelligence for IT operations) is the industry’s best alternative to a network refresh if user experience, automation, and fiscal efficiency are important to county IT departments. Attend this session to discover how Juniper AIOps addresses these challenges and more: -
Webinar
Understanding Enterprise Service Management
Aug. 31, 2023 , 1:00 pm – 2:00 pmAugust 31st, 2023 | 1 PM Eastern -
Blog
DHS Announces New Funding Round for the State and Local Cybersecurity Grant Program
On August 8, the Department of Homeland Security (DHS) announced a new funding round for the State and Local Cyber Grant Program (SLCGP). The SLCGP was established by the State and Local Cybersecurity Improvement Act, which is part of the Bipartisan Infrastructure Law (BIL).
-
Webinar
Responding to Ransomware Attacks
September 26, 2023 , 1:00 pm – 2:00 pmSeptember 26, 2023 | 1 PM Eastern Time09261:00 pm<p><strong>September 26, 2023 | 1 PM Eastern Time </strong><br />
<br /> -
Webinar
How Overloaded County IT Organizations Can Address Traditional and New AI-Generated Cyber Threats
September 28, 2023 , 1:00 pm – 2:00 pmCounty IT organizations are already overloaded dealing with cyber threats that could result in data breaches, loss of system access resulting in the unavailability of critical services, and more. New cyber threats generated by AI or chat add additional complexity on top of everything else.09281:00 pm<p>County IT organizations are already overloaded dealing with cyber threats that could result in data breaches, loss of system access resulting in the unavailability of critical services, and more.
-
Webinar
Transforming Digital Government Experiences
October 5, 2023 , 1:00 pmOctober 5th, 2023 | 1 PM Eastern10051:00 pm<p><strong>October 5th, 2023 | 1 PM Eastern </strong><br />
<br /> -
Series
TechKnow Series: October, November, & December Sessions
October 18, 2023 – December 13, 2023October 18, 2023 | 1 PM Eastern - Charting Your AI Growth: A Practical Guide on the Use of Generative AI - What Are All Those Tools -
Series
TechKnow Series: Charting Your AI Growth: A Practical Guide on the Use of Generative AI - What Are All Those Tools
October 18, 2023 , 1:00 pmOctober 18th, 2023 | 1 PM Eastern10181:00 pm<p><strong>October 18th, 2023 | 1 PM Eastern </strong></p>
-
Webinar
Unlocking Opportunity by Increasing Digital Equity
October 23, 2023 , 1:00 pm – 2:00 pmOctober 23rd, 2023 | 1 PM Eastern10231:00 pm<p><strong>October 23rd, 2023 | 1 PM Eastern </strong></p>
-
Basic page
County Tech Xchange
The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location that counties can use to improve their overall technology infrastructure.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent">
<tbody>
<tr> -
Basic page
TestIT: How Fast is Your Broadband
NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out">
<tbody>
<tr>
<td> -
Basic page
Telecommunications & Technology Steering Committee
All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.pagepagepage<p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BILReports & Toolkitsdocument100710:00 amReports & Toolkits<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent jump">
<tbody>
<tr>
<td>
Related Resources
-
Blog
DHS Announces New Funding Round for the State and Local Cybersecurity Grant Program
On August 8, the Department of Homeland Security (DHS) announced a new funding round for the State and Local Cyber Grant Program (SLCGP). The SLCGP was established by the State and Local Cybersecurity Improvement Act, which is part of the Bipartisan Infrastructure Law (BIL). -
Blog
DOJ proposes new rule for nondiscrimination on the basis of disability for state and local web-based services
On August 4, the Department of Justice published a proposed rule to create technical requirements for state and local web-based services to conform to regulations pertaining to Title II of the Americans with Disabilities Act, contained in 28 CFR Part 35. -
County News
Counties build AI framework to harness its potential, bolster protection
When Peter Crary left his job helping to develop software to read license plate numbers, he thought his days working in the nascent field of artificial intelligence were over.
-
Press Release
Counties Applaud Release of Broadband Allocations
NACo today applauded the National Telecommunications & Information Administration’s (NTIA) announcement of the state allocations that will be granted under the Broadband Equity, Access, and Deployment (BEAD) Program. -
Press Release
National Association of Counties Launches Exploratory Committee on Artificial Intelligence
County leaders and partners to examine best practices and considerations for deployment of AI -
Reports & Toolkits
Cybersecurity and Resilient Counties
NACo has partnered with Acccenture to survey counties on their cybersecurity resiliency. This publication is a cumulation of focus groups and a survey. Download the Report
Related Events
-
26Sep2023
-
28Sep2023Webinar
How Overloaded County IT Organizations Can Address Traditional and New AI-Generated Cyber Threats
Sep. 28, 2023 , 1:00 pm – 2:00 pm -
5Oct2023
-
18Oct2023
More From
-
Outreach Toolkit for Counties: the FCC’s Affordable Connectivity Program
Through the FCC's Affordable Connectivity Program, counties have a central role in providing all residents with an equal chance to connect to high-speed internet in their homes.
Learn More