As you “See Yourself in Cyber”, you are confronted on a daily basis, with emails that appear to be valid, but are in fact phishing emails.

One may ask, “why should I care?” The answer is simple. It is these types of emails that can wreck havoc on your work as well as your personal life. By falling prey to a phishing email, your ability to do work may come to a screeching halt! You may infest your computer and the work network with a destructive computer virus. Worse yet, you may be the one who allows ransomware into the work environment! Not only you, but your co-workers and ultimately your ability to meet resident needs can be negatively impacted.

Learn more

• Phishing - National Cybersecurity Alliance 

• Unifying The Global Response To Cybercrime 

• General Phishing Information and Prevention Tips 

• What is Phishing? 

Do you want to be that one person? Of course not. One way to ward off such a scenario, is to be more aware of how to recognize and report phishing attempts. We all live very busy work lives and our email inboxes can fill up quickly and become overwhelming in no time at all. Because we live at such a hectic pace, it is easy to gloss over emails and not scrutinize them carefully. This is especially true when the email appears to come from someone we know or what looks like an official organization that is sending you a communication. Here are some common ploys that show up in phishing emails:

• There’s the email offering you a free coffee gift card if you complete a quick survey
• There’s the email that says its your IT department asking you to click on a link and verify some information
• Then there’s the email that appears to come from a commissioner or the county finance director asking you to purchase gift cards for an upcoming event.
• Or how about the email that asks you to process an invoice for payment.
• Or the one from the postal service or shipping company asking you to verify your shipping address (and you were waiting for a package from that shipping company)

Where did the term phishing come from and what does it really mean?  This piqued my interest, so I did a bit of research and discovered that “The first use of the term phishing seems to be credited to a hacker called Koceilah Rekouche, who developed an automated tool for tricking users in 1995. As a take off from  the existing term phreaking, which was used to identify people who played with, reverse engineered and hacked the telephone network, he called this automated fishing, "phishing.”

A true definition of phishing comes from the Anti-Phishing Working Group:

Phishing is a crime employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes prey on unwary victims by fooling them into believing they are dealing with a trusted, legitimate party, such as by using deceptive email addresses and email messages. These are designed to lead consumers to counterfeit Web sites that trick recipients into divulging financial data such as usernames and passwords. Technical subterfuge schemes plant malware onto computers to steal credentials directly, often using systems that intercept consumers’ account usernames and passwords or misdirect consumers to counterfeit Web sites.

How can you recognize these fake emails. The first tip is to slow down. Take a few seconds to process the email. Here are some signs to look for:

• Does it contain an offer that’s too good to be true? 
• Does it include language that’s urgent, alarming, or threatening? 
• Is it poorly crafted wording that contains  misspellings and bad grammar?
• Is the greeting ambiguous or very generic? 
• Does it include requests to send personal information?
• Does it stress an urgency to click on an unfamiliar hyperlinks or attachment?
• Is it a strange or abrupt business request?
• Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com. These can be very subtle.

No matter what, if this is an unexpected email request and it has an attachment, do not open or download the attachment. Also, do not click on any links in the suspect email. Rather, you will want to expeditiously follow your organization’s protocols for reporting suspect emails. You may have a phishing icon in your email menu options that you can select to send this email off to IT for review. Or you may have been instructed to forward suspect emails to the IT helpdesk or a special IT mailbox. Be sure to follow those protocols. Your IT support can verify whether the email is fake or real; if real, then you know you are safe to follow-up on the email.

These phishing emails can also come to your personal email account as well. Further, phishing attempts are now showing up in your cell phone text messages and voice mails. Whichever is the case, immediately delete the email, text message or voicemail. Do not click on any links even the unsubscribe link. For voicemail or phone calls, don’t answer the call if you don’t recognize the number and delete that voicemail as well. You can also mark the bogus email as spam (most email applications have that option) or block that caller from sending you future texts or leaving voice messages. By following these practices, you are protecting not only yourself, but also those you are connected to or collaborate with.  

Practice “DON’T CLICK ON LINKS, JUST DELETE.

Another step you can take is to send a report to the Anti-Phishing Working Group (APWG) resource, which collects an immense amount of data about phishing attempts. APWG then adds this attempt to their database, all with the goal of helping to stop phishing and fraud in the future. Of course if this is a work phishing attempt, check with your IT support for permission. 

In closing, Think Before You Click: Recognize and Report Phishing: If an email looks a little off, it probably is a phishing email.

NACo encourages you to share this knowledge with your IT support, your employees and your family and friends!