
Friday, November 13, 2020

DLS Alert: Commonwealth Employees Targeted by Phishing Campaign


The following is a notification from the Massachusetts Executive Office of Technology Services and Security (EOTSS).

Commonwealth Employees Targeted by Phishing Campaign
Curtis M. Wood - EOTSS Secretary and Chief Information Officer

As many of us in state and municipal government are increasingly conducting our work remotely, the cybersecurity risks of data breaches, disclosures of sensitive data, and targeted cybersecurity threats have increased. As you will see below, we are seeing a rise in malicious cyber attacks, specifically aggressive phishing campaigns over e-mail and texts. The Commonwealth continues to be in contact with our federal partners at the Department of Homeland Security to stay vigilant of emerging cyberthreats and remains on high alert to protect Commonwealth systems and ensure continuity of government operations.

The Commonwealth has recently been the target of an aggressive phishing and smishing campaign. The malicious actors are using free e-mail services, such as Gmail, to create fake e-mail accounts designed to impersonate Commonwealth Leadership and are using social engineering tactics to elicit a sense of urgency. In addition to e-mail, the scammers have started using text messages as another way to phish our community. This technique, often referred to as smishing or SMS phishing, is a text-message based variation of traditional phishing scams, and a growing cyber threat. This particular campaign does not contain any links or malicious documents, but rather requests that the user purchase a gift card on behalf of the executive.

If you receive an e-mail or a text message requesting you to purchase a gift card, to pay by gift card, or to wire money – for any reason – that's a sure sign of a scam. Any correspondence, whether e-mail or SMS-based, imploring (or even threatening) the need for an immediate response, should be treated with healthy skepticism.


Remember to pay attention to key warning signs:
  1. False sense of urgency
  2. External e-mail address as either the sender or the reply-to address
  3. Misspellings and Typos
  4. Consider the purpose; is this someone you'd typically correspond with?
  5. Be wary of suspicious attachments and links

read the red outlines for details on what to look for
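For mail administrators, the warning signs above can also be checked mechanically on inbound messages. The following is an added example, not part of the EOTSS notification: the domain `example.gov`, the name "Pat Example", the keyword patterns and both sample messages are placeholders constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Placeholder values assumed for this sketch; none come from the alert.
INTERNAL_DOMAINS = {"example.gov"}      # the organisation's own mail domain
LEADERSHIP_NAMES = {"pat example"}      # display names attackers may borrow
PAYMENT_RE = re.compile(r"gift\s*cards?|wire\s+(?:money|transfer)", re.I)
URGENCY_RE = re.compile(r"\b(?:urgent(?:ly)?|immediately|right away|asap)\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def warning_signs(raw):
    """Return the warning signs that a raw RFC 5322 message trips."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"  # single-part text only
    external_from = _domain(from_addr) not in INTERNAL_DOMAINS
    signs = []
    if external_from:
        signs.append("external-sender")
    if reply_addr and _domain(reply_addr) not in INTERNAL_DOMAINS:
        signs.append("external-reply-to")
    # A leadership display name on an outside address is the impersonation case.
    if external_from and name.strip().lower() in LEADERSHIP_NAMES:
        signs.append("leadership-name-on-external-address")
    if URGENCY_RE.search(text):
        signs.append("urgency")
    if PAYMENT_RE.search(text):
        signs.append("gift-card-or-wire-request")
    return signs

# Constructed sample messages, not taken from the campaign.
SPOOF = (
    "From: Pat Example <pat.example.office@gmail.com>\n"
    "Subject: Quick favor\n\n"
    "Are you at your desk? I need you to buy gift cards immediately.\n"
)
LEGIT = (
    "From: Pat Example <pat.example@example.gov>\n"
    "Subject: Agenda\n\n"
    "The agenda for Thursday is on the calendar invite.\n"
)

if __name__ == "__main__":
    print("spoof:", warning_signs(SPOOF))
    print("legit:", warning_signs(LEGIT))
```

Because this campaign carries no links or attachments, the header and wording checks are the only signals available; the display-name check is the one that separates impersonation from ordinary external mail.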