Tips on Preventing an Advanced Email Spoofing Attack: An Interview with Stephanie Settles, City Clerk and Treasurer of Paris, Kentucky
Dave Mims, CEO Sophicity: We put the IT in city
While a spam email may occasionally trick your city employees, it’s safe to say that normal spam emails are full of red flags. The writing is terrible, the email address looks obviously wrong, or the information requested from you is bizarre. Immediately, you flag that email as spam because you’ve seen through the amateurish scam.
But because cities are big targets for cybercriminals, you might occasionally become the subject of a sophisticated, targeted email scam—so sophisticated that it’s really, really hard to know if the email is spam.
If you don’t believe this situation could happen to you, meet Stephanie Settles, City Clerk and Treasurer of Paris,
OCTOBER 2017
Kentucky—a city with a population of a little under 10,000 and a staff size of 125. In other words, it happened to a city that’s probably around your size.
After sharing her story at a recent cybersecurity presentation, about a fourth to a third of the room said they had received similar emails. In this interview, Settles talks to us about what happened, how she ended up detecting the complex spoof email, and how cities can stay vigilant against similar attacks. So, you received a spoof email but didn’t know it was a spoof at first. Talk about what happened.
I received an email from my “City Manager.” You’ll soon see why I put that title in quotes. Coincidentally, the real City Manager left my office 15 minutes prior to me receiving the first email from “him.”
13
