Cyber Security Awareness: Email phishing
In an effort to further enhance the city’s cyber defenses, we want to highlight a common cyber-attack that everyone should be aware of – phishing.
"Phishing" is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. They also might ask you to transfer money, purchase gift cards or send sensitive information to a hacker acting as a trusted source via email. These emails can be difficult to catch because they can appear to be harmless, and will have a normal, friendly tone with no links or attachments. The emails will appear to come from a high-level official, like the Mayor, Council or a Department Head.
Although we maintain controls to help protect our networks and computers from cyber threats, we rely on you to be our first line of defense.
We’ve outlined a few different types of phishing attacks to watch out for:
- Doppelganger: Phishers may utilize fake e-mail domains that look similar to cityofmadison.com. Watch out for things like: [EMAIL]@[VARIATION ON CITYOFMADISON.COM DOMAIN]
- A hurried tone: Phishers will often ask you to send money or purchase gift cards immediately, stating that they are busy or in a meeting, and cannot do it themselves.
- Email only: Since phishing relies on impersonating an employee via a fake, yet similar, email address, phishers will ask you not to call with questions and to reply only through e-mail.
If you receive an email that you suspect to be a phishing attempt, or if you are unsure of an email’s legitimacy, please do not respond to the email. Instead:
- Forward the email to email@example.com
- If the email does not seem legitimate, delete the suspected email. If you cannot tell, call the person who sent the email and ask them if they sent the request.
Remember, no city staff should ever request personal information, usernames, passwords, or money from you via email.
Thanks again for helping to keep our computer network, and our staff, safe from these threats.
Contact the IT Cyber Security Team with any questions.