
Error message
In order to filter by the "in queue" property, you need to add the Entityqueue: Queue relationship.-
County NewsAs you “See Yourself in Cyber”, you are confronted on a daily basis, with emails that appear to be valid, but are in fact phishing emails.Not your typical phishing expedition
-
County News Article
Not your typical phishing expedition
As you “See Yourself in Cyber”, you are confronted on a daily basis, with emails that appear to be valid, but are in fact phishing emails.
One may ask, “why should I care?” The answer is simple. It is these types of emails that can wreck havoc on your work as well as your personal life. By falling prey to a phishing email, your ability to do work may come to a screeching halt! You may infest your computer and the work network with a destructive computer virus. Worse yet, you may be the one who allows ransomware into the work environment! Not only you, but your co-workers and ultimately your ability to meet resident needs can be negatively impacted.
Learn more
- Phishing - National Cybersecurity Alliance
- Unifying The Global Response To Cybercrime
- General Phishing Information and Prevention Tips
- What is Phishing?
Do you want to be that one person? Of course not. One way to ward off such a scenario, is to be more aware of how to recognize and report phishing attempts. We all live very busy work lives and our email inboxes can fill up quickly and become overwhelming in no time at all. Because we live at such a hectic pace, it is easy to gloss over emails and not scrutinize them carefully. This is especially true when the email appears to come from someone we know or what looks like an official organization that is sending you a communication. Here are some common ploys that show up in phishing emails:
- There’s the email offering you a free coffee gift card if you complete a quick survey
- There’s the email that says its your IT department asking you to click on a link and verify some information
- Then there’s the email that appears to come from a commissioner or the county finance director asking you to purchase gift cards for an upcoming event.
- Or how about the email that asks you to process an invoice for payment.
- Or the one from the postal service or shipping company asking you to verify your shipping address (and you were waiting for a package from that shipping company)
Where did the term phishing come from and what does it really mean? This piqued my interest, so I did a bit of research and discovered that “The first use of the term phishing seems to be credited to a hacker called Koceilah Rekouche, who developed an automated tool for tricking users in 1995. As a take off from the existing term phreaking, which was used to identify people who played with, reverse engineered and hacked the telephone network, he called this automated fishing, "phishing.”
A true definition of phishing comes from the Anti-Phishing Working Group:
Phishing is a crime employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes prey on unwary victims by fooling them into believing they are dealing with a trusted, legitimate party, such as by using deceptive email addresses and email messages. These are designed to lead consumers to counterfeit Web sites that trick recipients into divulging financial data such as usernames and passwords. Technical subterfuge schemes plant malware onto computers to steal credentials directly, often using systems that intercept consumers’ account usernames and passwords or misdirect consumers to counterfeit Web sites.
How can you recognize these fake emails. The first tip is to slow down. Take a few seconds to process the email. Here are some signs to look for:
- Does it contain an offer that’s too good to be true?
- Does it include language that’s urgent, alarming, or threatening?
- Is it poorly crafted wording that contains misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on an unfamiliar hyperlinks or attachment?
- Is it a strange or abrupt business request?
- Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com. These can be very subtle.
No matter what, if this is an unexpected email request and it has an attachment, do not open or download the attachment. Also, do not click on any links in the suspect email. Rather, you will want to expeditiously follow your organization’s protocols for reporting suspect emails. You may have a phishing icon in your email menu options that you can select to send this email off to IT for review. Or you may have been instructed to forward suspect emails to the IT helpdesk or a special IT mailbox. Be sure to follow those protocols. Your IT support can verify whether the email is fake or real; if real, then you know you are safe to follow-up on the email.
These phishing emails can also come to your personal email account as well. Further, phishing attempts are now showing up in your cell phone text messages and voice mails. Whichever is the case, immediately delete the email, text message or voicemail. Do not click on any links even the unsubscribe link. For voicemail or phone calls, don’t answer the call if you don’t recognize the number and delete that voicemail as well. You can also mark the bogus email as spam (most email applications have that option) or block that caller from sending you future texts or leaving voice messages. By following these practices, you are protecting not only yourself, but also those you are connected to or collaborate with.
Practice “DON’T CLICK ON LINKS, JUST DELETE.
Another step you can take is to send a report to the Anti-Phishing Working Group (APWG) resource, which collects an immense amount of data about phishing attempts. APWG then adds this attempt to their database, all with the goal of helping to stop phishing and fraud in the future. Of course if this is a work phishing attempt, check with your IT support for permission.
In closing, Think Before You Click: Recognize and Report Phishing: If an email looks a little off, it probably is a phishing email.
NACo encourages you to share this knowledge with your IT support, your employees and your family and friends!
As you “See Yourself in Cyber”, you are confronted on a daily basis, with emails that appear to be valid, but are in fact phishing emails.2022-10-16County News Article2022-10-18
As you “See Yourself in Cyber”, you are confronted on a daily basis, with emails that appear to be valid, but are in fact phishing emails.
One may ask, “why should I care?” The answer is simple. It is these types of emails that can wreck havoc on your work as well as your personal life. By falling prey to a phishing email, your ability to do work may come to a screeching halt! You may infest your computer and the work network with a destructive computer virus. Worse yet, you may be the one who allows ransomware into the work environment! Not only you, but your co-workers and ultimately your ability to meet resident needs can be negatively impacted.
Learn more
Do you want to be that one person? Of course not. One way to ward off such a scenario, is to be more aware of how to recognize and report phishing attempts. We all live very busy work lives and our email inboxes can fill up quickly and become overwhelming in no time at all. Because we live at such a hectic pace, it is easy to gloss over emails and not scrutinize them carefully. This is especially true when the email appears to come from someone we know or what looks like an official organization that is sending you a communication. Here are some common ploys that show up in phishing emails:
- There’s the email offering you a free coffee gift card if you complete a quick survey
- There’s the email that says its your IT department asking you to click on a link and verify some information
- Then there’s the email that appears to come from a commissioner or the county finance director asking you to purchase gift cards for an upcoming event.
- Or how about the email that asks you to process an invoice for payment.
- Or the one from the postal service or shipping company asking you to verify your shipping address (and you were waiting for a package from that shipping company)
Where did the term phishing come from and what does it really mean? This piqued my interest, so I did a bit of research and discovered that “The first use of the term phishing seems to be credited to a hacker called Koceilah Rekouche, who developed an automated tool for tricking users in 1995. As a take off from the existing term phreaking, which was used to identify people who played with, reverse engineered and hacked the telephone network, he called this automated fishing, "phishing.”
A true definition of phishing comes from the Anti-Phishing Working Group:
Phishing is a crime employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes prey on unwary victims by fooling them into believing they are dealing with a trusted, legitimate party, such as by using deceptive email addresses and email messages. These are designed to lead consumers to counterfeit Web sites that trick recipients into divulging financial data such as usernames and passwords. Technical subterfuge schemes plant malware onto computers to steal credentials directly, often using systems that intercept consumers’ account usernames and passwords or misdirect consumers to counterfeit Web sites.
How can you recognize these fake emails. The first tip is to slow down. Take a few seconds to process the email. Here are some signs to look for:
- Does it contain an offer that’s too good to be true?
- Does it include language that’s urgent, alarming, or threatening?
- Is it poorly crafted wording that contains misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on an unfamiliar hyperlinks or attachment?
- Is it a strange or abrupt business request?
- Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com. These can be very subtle.
No matter what, if this is an unexpected email request and it has an attachment, do not open or download the attachment. Also, do not click on any links in the suspect email. Rather, you will want to expeditiously follow your organization’s protocols for reporting suspect emails. You may have a phishing icon in your email menu options that you can select to send this email off to IT for review. Or you may have been instructed to forward suspect emails to the IT helpdesk or a special IT mailbox. Be sure to follow those protocols. Your IT support can verify whether the email is fake or real; if real, then you know you are safe to follow-up on the email.
These phishing emails can also come to your personal email account as well. Further, phishing attempts are now showing up in your cell phone text messages and voice mails. Whichever is the case, immediately delete the email, text message or voicemail. Do not click on any links even the unsubscribe link. For voicemail or phone calls, don’t answer the call if you don’t recognize the number and delete that voicemail as well. You can also mark the bogus email as spam (most email applications have that option) or block that caller from sending you future texts or leaving voice messages. By following these practices, you are protecting not only yourself, but also those you are connected to or collaborate with.
Practice “DON’T CLICK ON LINKS, JUST DELETE.
Another step you can take is to send a report to the Anti-Phishing Working Group (APWG) resource, which collects an immense amount of data about phishing attempts. APWG then adds this attempt to their database, all with the goal of helping to stop phishing and fraud in the future. Of course if this is a work phishing attempt, check with your IT support for permission.
In closing, Think Before You Click: Recognize and Report Phishing: If an email looks a little off, it probably is a phishing email.
NACo encourages you to share this knowledge with your IT support, your employees and your family and friends!
Hero 1
About Rita Reynolds (Full Bio)
Chief Information Officer
Rita serves as NACo's chief information officer. In this capacity, she oversees the internal technology operations of NACo, and leads NACo’s technology programs and initiatives for counties.More from Rita Reynolds
-
Blog
Bipartisan legislation reintroduced to fund Next Generation 911 systems
On March 24, Reps. Anna Eshoo (D-Calif.) and Richard Hudson (R-N.C.) reintroduced the Next Generation 9-1-1 Act of 2023 with the goal of modernizing aging 911 systems across the nation to Next-Generation 911 technology. -
Webinar
Whole-of-State 2.0: A Tale of Two States and Counties
Mar. 9, 2023 , 1:00 pm – 2:00 pmUnable to attend? Watch the recording below. No matter where you are in your cybersecurity journey - you've probably heard of Whole-of-State. What does this mean for your jurisdiction? -
Webinar
NACo Cyberattack Simulation: Election Disruptions
Feb. 27, 2023 – Mar. 3, 2023Presented by the NACo County Tech Xchange and Professional Development Academy -
Webinar
Executive Perspectives on Preparing for an ERP Replacement Project
Feb. 22, 2023 , 3:00 pm – 4:00 pmUnable to attend? Watch the recording below. -
County News
‘When we’re not connected, we’re not safe,’ because buildings block radio
In a room packed with about 100 conference attendees, Guilford County, N.C. Commissioner Alan Perdue gave a powerful presentation Saturday morning on the importance of clear communication among emergency responders. -
-
Webinar
NACo Cyberattack Simulation: Internet of Things
June 12, 2023 – June 16, 2023Presented by the NACo County Tech Xchange and Professional Development Academy06121:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Ransomware
September 11, 2023 – September 15, 2023Presented by the NACo County Tech Xchange and Professional Development Academy09111:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Employee Management
December 4, 2023 – December 8, 2023Presented by the NACo County Tech Xchange and Professional Development Academy12041:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Basic page
County Tech Xchange
The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location that counties can use to improve their overall technology infrastructure.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent">
<tbody>
<tr> -
Basic page
TestIT: How Fast is Your Broadband
NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out">
<tbody>
<tr>
<td> -
Basic page
Telecommunications & Technology Steering Committee
All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.pagepagepage<p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BILReports & Toolkitsdocument100710:00 amReports & Toolkits<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent jump">
<tbody>
<tr>
<td>
Contact
-
Chief Information Officer(202) 942-4248
Related Resources
-
Blog
Bipartisan legislation reintroduced to fund Next Generation 911 systems
On March 24, Reps. Anna Eshoo (D-Calif.) and Richard Hudson (R-N.C.) reintroduced the Next Generation 9-1-1 Act of 2023 with the goal of modernizing aging 911 systems across the nation to Next-Generation 911 technology. -
County News
‘When we’re not connected, we’re not safe,’ because buildings block radio
In a room packed with about 100 conference attendees, Guilford County, N.C. Commissioner Alan Perdue gave a powerful presentation Saturday morning on the importance of clear communication among emergency responders. -
County News
TikTok: It’s hip, it’s fun and it’s a security risk
What threat does TikTok pose to data security, and how should counties regulate its use on government-issued devices?
-
-
Reports & Toolkits
NACo Technology Guide for County Leaders: Workforce
The NACo County Technology Advisory Council, with input from the Tech Xchange and the NACo Workforce Advisory Board, has developed a guide on workforce retention and recruitment for technology workers. This guide provides an overview, along with benefits and questions to consider in the technology recruitment and retention process -
Policy Brief
Support the Deployment of Next Generation 911 Bill
Urge your Members of Congress to support legislation to provide funding for the deployment of Next Generation 9-1-1 and for other purposes. Introduced by Sen. Amy Klobuchar (D-Minn.) in the previous Congress, the legislation would provide for the establishment of Next Generation 9-1-1 and would vastly improve interoperability with regards to all emergency communication systems. The bill would also establish a Next Generation 9-1-1 cybersecurity center to coordinate with state, local and regional governments to detect and prevent cybersecurity intrusions related to Next Generation 9-1-1.
Related Events
More From
-
Outreach Toolkit for Counties: the FCC’s Affordable Connectivity Program
Through the FCC's Affordable Connectivity Program, counties have a central role in providing all residents with an equal chance to connect to high-speed internet in their homes.
Learn More