Phishing

posted May 22, 2025 - 7:42am

This week, one of our community members received a phishing email. As an Information Technology (IT) professional, I have seen my share of phishing attempts. However, this one was pretty convincing. What caught my attention to indicate this was a phishing email was the email address's domain ending on "@usa.com; our city emails end on "@cityofmadison.com."

Full email used: "planningcityofmadison@usa.com"

What is phishing?

Wikipedia Definition: "Phishing attacks, often delivered via email spam, attempt to trick individuals into giving away sensitive information or login credentials. Most attacks are "bulk attacks" that are not targeted and are instead sent in bulk to a wide audience. The goal of the attacker can vary, with common targets including financial institutions, email and cloud productivity providers, and streaming services."

What to do?

Pay attention to the details
Do not provide personal sensitive information via e-mail
Below is a list of resources to learn more

Four Easy Ways to Stay Safe Online

https://www.cisa.gov/secure-our-world/secure-yourself-your-family

There are simple things we can do today that will help keep us much safer online. Digital crimes are happening every day, but by each of us doing our part—educating ourselves and paying attention—we can stay ahead of the game!

Recognizing and Reporting Phishing

https://www.cisa.gov/secure-our-world/recognize-and-report-phishing

Phishing often tries to get us to open a harmful attachment or share personal information.

Use Strong Passwords

https://www.cisa.gov/secure-our-world/use-strong-passwords

Using strong passwords and a password manager are some easy ways to protect ourselves from someone logging into an account and stealing data or money. In this topic we will learn about password best practices and how to manage secure passwords at work.

Use Multifactor Authentication (MFA)

https://www.cisa.gov/secure-our-world/turn-mfa

Multifactor authentication means using more than a password to access an app or account. With MFA, we might be asked to enter a text code or use a fingerprint. It makes us much safer from someone accessing our accounts. In this topic we will learn more about the importance of MFA and how to manage your account at work.

Update Software

https://www.cisa.gov/secure-our-world/update-software

Don't delay software updates. Flaws in software can give criminals access to files or accounts. Programmers fix these flaws as soon as they can, but we must install updates for the latest protection! In this topic we will discuss the City’s expectations on software updates and how to embrace these routine updates.

Visit cisa.gov/secure-our-world to learn more.