By Chad Engle, Loss Prevention and Safety Specialist

Some months I rack my brain trying to come up with a topic for my Safety Shorts article; this month was not one of those months. Today I received an email from a member county to let me know they had received not one, but two fake and possibly malicious emails from my NIRMA email address. They had reported it to their IT department, and I did the same. What I learned from Tod Thieman, NIRMA’s Senior Systems Engineer, was that they had “spoofed” my email address to try to convince the member that it was a legit email from a safe address. Luckily, the member recognized it before clicking on any links or attachments or providing any important information.

Recently we also had an incident where a member county’s email account had been hacked. Somehow the hacker had gained access to the member’s email account and could send and receive emails from that address. In the previous example they were just forging my email address.

At least once a week on my personal email account I receive a notice from PayPal notifying me that my account is temporarily limited as they are concerned about some potentially unauthorized account access. They are using social engineering to attempt to scare me into clicking on a link that will ask me to verify my account and password, giving them access.

The red flags that catch my eye on this scam are the email address and the language at the bottom of the page. The email address this message comes from is contact@golookal.eu; an email from PayPal will come from paypal.com. The language at the bottom of the email says “Please do not reply to this email” and something about the “monetary authority of Singapore.”

I bring these examples to your attention to remind you to remain vigilant when it comes to cybersecurity. An article by Tara Seals on threatpost.com points out that the COVID-19 pandemic has led to sharp increases in cybercrime in 2020 as cybercriminals are targeting employees who work from home. Now more than ever we need to be certain our employees have the training and knowledge they need to protect themselves and their county or agency from cybercriminals. NIRMA provides multiple training options for cybersecurity and many other topics. Live training can be provided in person or via Zoom. Training is also available via NIRMA’s Online University and Video on Demand.

Your first line of defense is your employees’ knowledge of cybersecurity and social engineering. Please equip them with the information to protect themselves and your county or agency. For questions or training on this topic, please contact Chad at chad@nirma.info or 1.800.642.6671.
