Showing posts with label phishing. Show all posts

Tuesday, July 20, 2021

Friday, November 13, 2020

DLS Alert: Commonwealth Employees Targeted by Phishing Campaign


The following is a notification from the Massachusetts Executive Office of Technology Services and Security (EOTSS).

Commonwealth Employees Targeted by Phishing Campaign
Curtis M. Wood - EOTSS Secretary and Chief Information Officer

As many of us in state and municipal government are increasingly conducting our work remotely, the cybersecurity risks of data breaches, disclosures of sensitive data, and targeted cybersecurity threats have increased. As you will see below, we are seeing a rise in malicious cyber attacks, specifically aggressive phishing campaigns over e-mail and texts. The Commonwealth continues to be in contact with our federal partners at the Department of Homeland Security to stay vigilant of emerging cyberthreats and remains on high alert to protect Commonwealth systems and ensure continuity of government operations.

The Commonwealth has recently been the target of an aggressive phishing and smishing campaign. The malicious actors are using free e-mail services, such as Gmail, to create fake e-mail accounts designed to impersonate Commonwealth Leadership and are using social engineering tactics to elicit a sense of urgency. In addition to e-mail, the scammers have started using text messages as another way to phish our community. This technique, often referred to as smishing or SMS phishing, is a text-message based variation of traditional phishing scams, and a growing cyber threat. This particular campaign does not contain any links or malicious documents, but rather requests that the user purchase a gift card on behalf of the executive.

If you receive an e-mail or a text message requesting you to purchase a gift card, to pay by gift card, or to wire money – for any reason – that's a sure sign of a scam. Any correspondence, whether e-mail or SMS-based, imploring (or even threatening) the need for an immediate response, should be treated with healthy skepticism.

Remember to pay attention to key warning signs:
  1. False sense of urgency
  2. External e-mail address as either the sender or the reply-to address
  3. Misspellings and Typos
  4. Consider the purpose; is this someone you'd typically correspond with?
  5. Be wary of suspicious attachments and links

read the red outlines for details on what to look for

Sunday, October 11, 2020

"Talk Franklin" discussion on phishing incident, election prep, and PFAS testing

FM #363 = This is the Franklin Matters radio show, number 363 in the series. 

This session of the radio show shares my "Talk Franklin" conversation with Town Administrator Jamie Hellen and Marketing and Communications Specialist Anne Marie Tracey. We had our conversation via conference bridge to adhere to the ‘social distancing’ requirements of this pandemic period.

We talk about: 

  • Insurance coverage
  • Internal controls changed
Election prep
  • Ballots mailing
  • Drive thru hours, etc
PFAS testing
  • By April 2021
  • Senior Coffee Hour – Oct 15
  • EDC listening session  - Oct 19 #thinkFranklinfirst
  • School Committee – Oct 13

Links to the key topics covered here are included in the show notes. The recording runs about 45 minutes, so let’s listen to my conversation with Jamie and Anne Marie.  Audio file =


Town Clerk page

Business listening sessions 


We are now producing this in collaboration with Franklin.TV and Franklin Public Radio (102.9 on the Franklin area radio dial).

This podcast is my public service effort for Franklin but we can't do it alone. We can always use your help.
How can you help?
  • If you can use the information that you find here, please tell your friends and neighbors
  • If you don't like something here, please let me know

Through this feedback loop we can continue to make improvements. I thank you for listening.

For additional information, please visit

If you have questions or comments you can reach me directly at shersteve @ gmail dot com

The music for the intro and exit was provided by Michael Clark and the group "East of Shirley". The piece is titled "Ernesto, manana"  c. Michael Clark & Tintype Tunes, 2008 and used with their permission.

I hope you enjoy!


You can also subscribe and listen to Franklin Matters audio on iTunes or your favorite podcast app; search in "podcasts" for "Franklin Matters"



Saturday, October 10, 2020

“In general, cyberattacks have increased since the COVID-19 crisis came into effect”

From the Milford Daily News, an article of interest for Franklin:

"Town officials announced Thursday night that the town was victimized by a “spear phishing” attack that resulted in $522,000 being “misdirected to a third party.”

The attack did not affect the town’s general fund, but rather a non-general fund account, said Town Administrator Jamie Hellen.

“I have been reassured that Franklin’s electronic data is secure,” Hellen said in a press release. “There is currently no evidence of a breach of our systems. All personal information, accounts and town software systems have been found not to be compromised. The incident was not a ransomware attack.”

Spear phishing involves sending emails, posing as a trusted sender, with the goal to infect a specific target’s devices with malware or to steal information and/or money. Comparatively, phishing is less targeted toward specific victims and is more random, casting a wider net than spear phishing attacks."

In case you missed the original announcement of the phishing attack:

On Friday, Oct 9, Jamie and I recorded our "Talk Franklin" episode and discussed this incident in more detail. You'll be able to hear that shortly.



Tuesday, July 22, 2014

IRS Warns of Pervasive Telephone Scam

A Facebook message from a regular Franklin reader warns:
"Steve, please let the community know that the IRS does not call anyone directly to collect outstanding tax bills. That's just not how they do business. I just got a call and the person became belligerent when I called them out. The phone number on caller ID came up as 415-251-9782."
A quick search on IRS phone calls brought this information from the webpage

If you get a phone call from someone claiming to be from the IRS, here’s what you should do:
  • If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue – if there really is such an issue.
  • If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
  • If you’ve been targeted by this scam, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant”. Please add "IRS Telephone Scam" to the comments of your complaint.
Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes) and solicitations (such as debt relief) that fraudulently claim to be from the IRS. 
The IRS encourages taxpayers to be vigilant against phone and email scams that use the IRS as a lure. The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS also does not ask for PINs, passwords or similar confidential access information for credit card, bank or other financial accounts. Recipients should not open any attachments or click on any links contained in the message. Instead, forward the e-mail to
More information on how to report phishing scams involving the IRS is available on the genuine IRS website,
The IRS posted this message in October of 2013.

Saturday, July 12, 2014

Update: E-ZPass email phishing scam - sample email

I had shared the alert from MassDOT about the E-ZPass email phishing scam that was making the rounds. As I checked my email spam folder this morning, I found that I had one! How cool... This is what I got and how it looks in Gmail:

E-ZPass phishing email
While the Google spam filter has already identified this as spam, one of the key places to look is the email address. The header of the email will look official (E-ZPass Service Center) but the actual email address will be something other than what it should be (support at …). The .ru in this case indicated the email is from a Russian domain.

The simple word on how to deal with suspicious emails? Delete.

Don't follow the link, you could pick up a virus or worse. Don't ever provide information if you do follow the link. They are looking for your account info and will take you for a ride if you give it to them.

Be safe!

For reference the post earlier this week can be found here:

Wednesday, July 9, 2014

E-ZPass "Payment for driving on toll road"

The Massachusetts Department of Transportation (MassDOT) E-ZPass program today is alerting E-ZPass customers about an e-mail phishing scam. Some E-ZPass customers in Massachusetts and other states have received an e-mail from “E-ZPass Customer Service Center” with the subject, “Payment for driving on toll road.” 
Please be advised that this is NOT a communication from E-ZPass, but is likely a phishing scam. E-ZPass advises you not to open or respond to that message.

If you have any questions about the validity of any message received from E-ZPass, please contact the E-ZPass Customer Service Center for guidance at Telephone: 1-877-627-7745. 
As always, you may visit E-ZPass on the web to check your account:

The scammers are always trying something new. The reason they try is that they are successful enough times to make it worthwhile. Be alert. If the email is suspicious, don't open it. Delete it.

E-ZPass program scam alert page

Thursday, November 6, 2008

Phishing scams in plain English

In our continuing series on understanding Web 2.0, one of the drawbacks of free and easy email is the many scams that come with it. The folks at Common Craft have come up with a video to explain phishing scams. Very well done. Be careful what you click on in email!

Note: For those subscribers to this blog, this is one link that you can trust.