Cybersecurity Vigilance: Reminder about phishing, scam, spam and suspicious emails and texts

The IT Team wanted to send a reminder about the importance of remaining vigilant against spam, scam and phishing emails and text messages. While we know this article is a bit lengthy, we ask that you please take the time to read it in its entirety.

We also have a video version of this article which you can view here.

There is no perfect way to prevent all malicious emails and texts from coming into our organization, and although we have technology tools to help guard us, one of the most important tools in the fight against security threats is YOU! Your continued vigilance, being suspicious, and being able to identify malicious emails is a key part of our overall security. Below we have compiled some key examples of what to look out for, which red flags to watch for, and what actions to take:

Phishing email:

Phishing is a social-engineering type of spam email that is meant to look like it comes from a legitimate source, but is really from an attacker. The attacker tries to trick the recipient into clicking a link or replying to the email to further the attack.

Phishing emails that have been more visible to us recently are emails that look like they're coming from agency leadership, such as our CEO Laura Heintz, or a Program Director, requesting an email back about something that would normally be unrelated, like gift cards. An example is below –




As you can see when looking closely at the email, there are several red flags –

• Although the display name shows “Laura Heintz”, the return email address is an external email address.

• The email is purportedly from Laura, yet it contains our warning banner stating that the email originated from outside the agency.

• The subject is quite odd, all caps with poor context, which should raise suspicions.

• The email asks you to click a link and also implies urgency. Some genuine emails do have those things too, but it’s another red flag that should arouse your suspicion.

Action: If you receive an email like this, do not reply to it, and do not click any links. If you have any doubts about an email’s authenticity, don’t hesitate to contact IT via the IT Helpdesk to help verify.

Phishing emails specifically designed to look like the real deal:

Take a look at another example –



Sometimes, even if the email looks 100% legitimate, it may not be. Taking a little extra time to ask yourself “Does this really look like an email one of our staff, families or community partners would send?” can prove very important, particularly if the email asks you to click on a link, and ESPECIALLY if that link asks you to enter a username/password or other sensitive information. Those are potential red flags, and should give you pause to think –

  • Is this an email I’m expecting?
  • Would this person send me an email like this unannounced, particularly with a link to click?
  • Does it look like the typical communication style that a staff member would use?
  • If I hover my mouse over the link, does the link address look suspicious?

Action: If you aren’t 100% sure on all those counts, it should give you pause enough to check in with the purported sender, or check in with IT to help confirm the authenticity of the email.

Text phishing

Phishing via text messaging is also on the rise. Here’s an example SSYAF staff have recently received –


Here are the red flags:

  • A text from an unknown phone number
  • A request for a response or action, possibly to click a link
  • An unusual or unexpected communication style from a staff member that does not usually communicate in this way

Action: Do not reply to the text. Click Report Junk. Contact IT if you have any doubt about a text message’s authenticity.



In summary:


  • Continue to be vigilant and suspicious of odd-looking emails that you can’t easily authenticate, especially if they have odd language or phrasing.
  • Verify authenticity via a separate communication, either a new separate email, text message or phone call.
  • Don’t click on any links or open attachments in emails whose authenticity you aren’t sure of.
  • Be especially suspicious of emails that you aren’t 100% sure about that contain links that lead to you entering usernames/passwords.
  • Contact and forward the email to IT if you’re in any doubt.

If you want more information about phishing, check out this detailed article from TechRepublic - https://www.techrepublic.com/article/phishing-and-spearphishing-a-cheat-sheet/




Creation date: 2/14/2024 4:37 PM      Updated: 2/14/2024 4:52 PM