Phishing is a technique used by hackers to obtain sensitive information. An example is a hand-crafted email message designed to trick people into divulging personal or confidential data, such as passwords and bank account information.
It may look something like this:
From: cloudservicesteam45@gmail.com |
Subject: Your Account Info |
Message:
Hi Friend, We’ve noticed some unrecognized activity going on on your Web Client account. As a result, we’ve locked your account. To open it up, you’ll need to provide us with your account information and proof of identification. It’s an easy process; just respond to this email. – Your Cloud Services Provider |
Here’s what to look for:
- Sometimes, you can tell from the sender alone. Why would the official company have an odd address with numbers like this one?
- Be wary of emails that target account information.
- Notice the generic opening. That could be so they can send this email to lots of people.
- Strange capitalizations and phrasings can be a dead giveaway
- Is your account actually locked? Close the email and go to the website you usually use to check.
- This information is almost never solicited by email. Call the company at a known number to ask whether this was them.
But, what if you fell for a phishing attempt?
If they stole some of your information: Don’t panic, but act quickly. Go to IdentityTheft.gov if they have your information, and report the attempt to your IT department if it’s at work. Also, let the FBI know.
If they stole some of the agency’s information: Report it immediately to the IT team. Time is of the essence. Change the passwords for any personal accounts that you might have given them access to. If you’re able, encrypt information you’re sending over.
For suspicious communications:
NEVER:
- Respond with information
- Click on links
- Download attachments
- Share with colleagues outside of IT
ALWAYS:
- Avoid any links or attachments
- Report to proper channel
- Inform others who may have been exposed
- Delete the email
Invest in a security solution:
The number of state and local government cyberattacks continues to rise. In 2020, at least 113 government agencies were impacted by ransomware attacks at an estimated cost of $913 million dollars.
These costly cyberattacks are caused primarily by hackers targeting and compromising government vendors and third parties.
SecureLink is a third-party remote access security solution for government entities that helps cities, counties, police departments, and government agencies protect themselves from cyberattacks. It also ensures compliance with CJIS security policies, keeps citizen information secure, and increases efficiencies.
This blog post was an exceprt from our new quick tips resource, The 3 P’s of Cybersecurity Quick Tips to Stay Safe, download the full resource here.