MS-ISAC: Phight the phish by learning to identify malicious emails

Error message
In order to filter by the "in queue" property, you need to add the Entityqueue: Queue relationship.-
County NewsOctober is Cybersecurity Awareness Month, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) wants to help empower the community with information on how to combat a cyber-attack known as phishing.MS-ISAC: Phight the phish by learning to identify malicious emailsOctober 11, 2021October 11, 2021, 11:45 am
-
County News Article
MS-ISAC: Phight the phish by learning to identify malicious emails
October is Cybersecurity Awareness Month, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) wants to help empower the community with information on how to combat a cyber-attack known as phishing. Phishing is when a cybercriminal sends an email that aims to trick the recipient into providing personal information or into becoming infected with malicious software that can steal such information or cause other forms of damage. The cybercriminal will often purport to be sending this email from a trusted or legitimate source, such as a known business or organization that you may commonly deal with.
Tactics used in phishing attacks commonly aim to lure you into opening attachments, responding with personal information, or clicking links that download malicious software or bring you to a fraudulent form for collecting your information.
Persuasive language and a sense of urgency are common ways that cybercriminals capture attention and accomplish their malicious goals. Common examples include fraudulent shipping notifications, false fraud warnings on your account, requests to verify information on your account, or offers that seem too good to be true.
Below are a few steps you can take to identify and appropriately react to Phishing emails.
- Check the email address of the sender. Carefully examine if the sender’s email address is correctly spelled, as attackers commonly may use a special character or one-letter spelling mistake to approximate a legitimate looking email address.
- Hover over links to see where they really go. By hovering your cursor over a link, you can see the address it will really take you to rather than simply what the displayed text says. Avoid clicking shortened links, especially when received from untrusted sources, as they cannot be easily examined in this way.
- Avoid opening attachments. Don’t open attachments from untrusted sources and be wary of ones you are not expecting to receive from known contacts.
- Don’t share personal or private information over email. Especially do not provide such information in response to an unsolicited email you received.
- When in doubt, contact the real organization or sender! If you aren’t expecting the email, it asks for personal information or credentials, or it seems suspicious, contact the person or organization through known contact methods. For example, if the email states it is from your bank and they urgently need to speak to you, call them through the customer support line you have used in the past or is publicly listed, not via the method referenced in the email.
- Report phishing emails. Report suspicious emails received at work to your Information Technology (IT) help desk or contact. Emails you receive personally can always be reported to www.ic3.gov.
Additionally, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has created a guide linked below to educate people on how to identify, understand, and safely or securely react to such attacks. The link to other CISA Cybersecurity Awareness Month resources is also below:
- Phishing tip sheet
- Cybersecurity Awareness Month publications
- To learn more about being cyber secure, head to the link below to find the MS-ISAC’s Monthly Cybersecurity Newsletter that has materials on a number of cybersecurity topics. Sign up here
October is Cybersecurity Awareness Month, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) wants to help empower the community with information on how to combat a cyber-attack known as phishing.2021-10-11County News Article2021-10-13
October is Cybersecurity Awareness Month, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) wants to help empower the community with information on how to combat a cyber-attack known as phishing. Phishing is when a cybercriminal sends an email that aims to trick the recipient into providing personal information or into becoming infected with malicious software that can steal such information or cause other forms of damage. The cybercriminal will often purport to be sending this email from a trusted or legitimate source, such as a known business or organization that you may commonly deal with.
Tactics used in phishing attacks commonly aim to lure you into opening attachments, responding with personal information, or clicking links that download malicious software or bring you to a fraudulent form for collecting your information.
Persuasive language and a sense of urgency are common ways that cybercriminals capture attention and accomplish their malicious goals. Common examples include fraudulent shipping notifications, false fraud warnings on your account, requests to verify information on your account, or offers that seem too good to be true.
Below are a few steps you can take to identify and appropriately react to Phishing emails.
- Check the email address of the sender. Carefully examine if the sender’s email address is correctly spelled, as attackers commonly may use a special character or one-letter spelling mistake to approximate a legitimate looking email address.
- Hover over links to see where they really go. By hovering your cursor over a link, you can see the address it will really take you to rather than simply what the displayed text says. Avoid clicking shortened links, especially when received from untrusted sources, as they cannot be easily examined in this way.
- Avoid opening attachments. Don’t open attachments from untrusted sources and be wary of ones you are not expecting to receive from known contacts.
- Don’t share personal or private information over email. Especially do not provide such information in response to an unsolicited email you received.
- When in doubt, contact the real organization or sender! If you aren’t expecting the email, it asks for personal information or credentials, or it seems suspicious, contact the person or organization through known contact methods. For example, if the email states it is from your bank and they urgently need to speak to you, call them through the customer support line you have used in the past or is publicly listed, not via the method referenced in the email.
- Report phishing emails. Report suspicious emails received at work to your Information Technology (IT) help desk or contact. Emails you receive personally can always be reported to www.ic3.gov.
Additionally, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has created a guide linked below to educate people on how to identify, understand, and safely or securely react to such attacks. The link to other CISA Cybersecurity Awareness Month resources is also below:
- Phishing tip sheet
- Cybersecurity Awareness Month publications
- To learn more about being cyber secure, head to the link below to find the MS-ISAC’s Monthly Cybersecurity Newsletter that has materials on a number of cybersecurity topics. Sign up here
-
Webinar
Whole-of-State 2.0: A Tale of Two States and Counties
Mar. 9, 2023 , 1:00 pm – 2:00 pmUnable to attend? Watch the recording below. No matter where you are in your cybersecurity journey - you've probably heard of Whole-of-State. What does this mean for your jurisdiction? -
Webinar
NACo Cyberattack Simulation: Election Disruptions
Feb. 27, 2023 – Mar. 3, 2023Presented by the NACo County Tech Xchange and Professional Development Academy -
Webinar
Executive Perspectives on Preparing for an ERP Replacement Project
Feb. 22, 2023 , 3:00 pm – 4:00 pmUnable to attend? Watch the recording below. -
County News
‘When we’re not connected, we’re not safe,’ because buildings block radio
In a room packed with about 100 conference attendees, Guilford County, N.C. Commissioner Alan Perdue gave a powerful presentation Saturday morning on the importance of clear communication among emergency responders. -
-
Reports & Toolkits
NACo Technology Guide for County Leaders: Workforce
The NACo County Technology Advisory Council, with input from the Tech Xchange and the NACo Workforce Advisory Board, has developed a guide on workforce retention and recruitment for technology workers. This guide provides an overview, along with benefits and questions to consider in the technology recruitment and retention process
-
Webinar
NACo Cyberattack Simulation: Internet of Things
June 12, 2023 – June 16, 2023Presented by the NACo County Tech Xchange and Professional Development Academy06121:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Ransomware
September 11, 2023 – September 15, 2023Presented by the NACo County Tech Xchange and Professional Development Academy09111:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Employee Management
December 4, 2023 – December 8, 2023Presented by the NACo County Tech Xchange and Professional Development Academy12041:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Basic page
County Tech Xchange
The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location that counties can use to improve their overall technology infrastructure.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent">
<tbody>
<tr> -
Basic page
TestIT: How Fast is Your Broadband
NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out">
<tbody>
<tr>
<td> -
Basic page
Telecommunications & Technology Steering Committee
All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.pagepagepage<p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BILReports & Toolkitsdocument100710:00 amReports & Toolkits<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent jump">
<tbody>
<tr>
<td>
Related Resources
-
County News
‘When we’re not connected, we’re not safe,’ because buildings block radio
In a room packed with about 100 conference attendees, Guilford County, N.C. Commissioner Alan Perdue gave a powerful presentation Saturday morning on the importance of clear communication among emergency responders. -
County News
TikTok: It’s hip, it’s fun and it’s a security risk
What threat does TikTok pose to data security, and how should counties regulate its use on government-issued devices? -
Blog
Data sharing paramount in modern county operations
Everyone wants data. Everyone needs authoritative data. GIS is the underlying infrastructure for sharing data instantly in your county.
-
-
Reports & Toolkits
NACo Technology Guide for County Leaders: Workforce
The NACo County Technology Advisory Council, with input from the Tech Xchange and the NACo Workforce Advisory Board, has developed a guide on workforce retention and recruitment for technology workers. This guide provides an overview, along with benefits and questions to consider in the technology recruitment and retention process -
Policy Brief
Support the Deployment of Next Generation 911 Bill
Urge your Members of Congress to support legislation to provide funding for the deployment of Next Generation 9-1-1 and for other purposes. Introduced by Sen. Amy Klobuchar (D-Minn.) in the previous Congress, the legislation would provide for the establishment of Next Generation 9-1-1 and would vastly improve interoperability with regards to all emergency communication systems. The bill would also establish a Next Generation 9-1-1 cybersecurity center to coordinate with state, local and regional governments to detect and prevent cybersecurity intrusions related to Next Generation 9-1-1.
Related Events
More From
-
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BIL
Learn More