8 minute read
Tips on Preventing an Advanced Email Spoofing
Tips on Preventing an Advanced Email Spoofing Attack: An Interview with Stephanie Settles, City Clerk and Treasurer of Paris, Kentucky
Dave Mims, CEO Sophicity: We put the IT in city
Advertisement
While a spam email may occasionally trick your city employees,it’ssafetosaythatnormalspamemailsarefull ofredflags.Thewritingisterrible,theemailaddresslooks obviouslywrong,ortheinformationrequestedfromyouis bizarre. Immediately, you flag that email as spam because you ’ ve seen through the amateurish scam.
But because cities are big targets for cybercriminals, you might occasionally become the subject of a sophisticated, targeted email scam—so sophisticated that it’s really, really hard to know if the email is spam.
If you don’t believe this situation could happen to you, meet Stephanie Settles, City Clerk and Treasurer of Paris, Kentucky—acitywithapopulationofalittleunder10,000 andastaffsizeof125.Inotherwords,ithappenedtoacity that’s probably around your size.
After sharing her story at a recent cybersecurity presentation,aboutafourthtoathirdoftheroomsaidthey had received similar emails. In this interview, Settles talks tousaboutwhathappened,howsheendedupdetectingthe complex spoof email, and how cities can stay vigilant against similar attacks.
So,youreceivedaspoofemailbutdidn’tknowitwasa spoof at first. Talk about what happened.
I received an email from my “City Manager. ”You ’ll soon see why I put that title in quotes. Coincidentally, the real City Manager left my office 15 minutes prior to me receiving the first email from “him. ”
My City Manager was leaving town for a training session and we were making sure things had been processed and paid before he left. I had told him I was going across the street to pick up a sandwich for lunch and would be right back, and that if he needed or forgot something to let me know.
After I returned with my sandwich and sat at my desk, I received this email.
I was thinking,
“Oh, he must have forgotten something. ” Remember, I was helping him process paperwork and payments before he left. The timing of this message made total sense. So, I responded “Yes” to the email.
Nothing seemed abnormal at this point. Then I received the following email from “him” . “Okay cool, Stephanie I want you to process an outgoing wire transfer for me today. Can you handle that now?”
Again, if I looked at this quickly, the message still seemed legitimate. The real City Manager always addresses us by ourfirstnames.Itwouldnotbeunusualforhimtorequest a transfer considering we were paying bills that day. So, I responded back, “I sure can” . When “he” sent the following email, the red flags started. At this point, I noticed that the account name looked suspicious and the dollar amount seemed iffy.At our City, multiple signatures are required to spend over $9,000. But the language still sounded like my City Manager— especially the part about sending me an invoice and supporting documents for proper coding. He uses that language in his emails.
However,IwasreadytotellhimthatIcouldnotcomplete this request without proper approvals. It’s when I began to respond to this email that I 100% knew it was a spoof. Look at the email address for the “city manager. ”
The email address—with the “ceo01144” name—clearly did not match our City Manager’s email address. Then, I madesomecomparisonswithanormalemailfromhim.In a normal email, my City Manager typically does not reply to emails from his cell phone. Typically, he logs into his computer and replies to emails. Now, I know that if I see something from him that says “sent from my iPhone” that it is a spoof email.
What made this spoof email so tricky to spot?
Most importantly, the timing, language, and request made it seem like a normal email. Some secondary factors also made it tricky to detect that it was a spam email: • The emails contained a photo of the real City Manager.
• Thetopoftheemailsreferencedthecorrectemail address. • The real City Manager always begins his emails with the person’s name he is addressing. • The City ’s email disclaimer was at the bottom of the emails. • The emails came into my inbox grouped into the same “real” inbox for our paris.ky.gov email domain instead of appearing in my inbox from a new email address. • Eachemailthatthe“CityManager” usedtoreply tomewasanewemail.Inotherwords,eachtime he responded to me, he began an entirely new email thread. Normally, a discussion like this would just form one long email thread as we responded to each other.
Why is this kind of an email a security concern?
Let’s say that I couldn’t detect that this email was spam. Then, a criminal could have obtained access to the city ’s bankaccountsorothersensitiveandpersonalinformation. That kind of information in the wrong hands has the potentialtocrippleacityandinterferewithourserversand processing systems, harming our data integrity.
Plus, cities can be vulnerable because we’re often so busy and distracted. For example, I was so busy that day that I decided to take a working lunch at my desk. I spotted the red flags, but imagine someone less experienced or more distracted than me. It shows, with one slip, how easy a spammercantricksomeoneifthey ’renotpayingattention. What are some ways that cities can prevent against this kind of email spoofing attack?
This seemed extremely targeted, malicious, and criminal. For someone to go to the extent of retrieving someone’s photo, spoofing an email address, imitating the person’s language, and targeting me with a request that’s not terribly unusual means that’s it’s all but identity theft. Evenwithsuchasophisticatedattack,therearemanyways that cities can prevent a spammer from gaining access to your sensitive information by following a few tips:
• Change your passwords frequently. • Run full virus scans on a frequent basis. • Take notice of the email address when you respond to someone. • Ifindoubtofanemail,justpickupthephoneand call the person. It’s better to be safe than sorry.
From Frustration to Friends, How Common Ground Made Us Better
By Scott Savage
When we first started working together, Luke drove me nuts.
We approached leadership and work in very different ways.Hewasstructuredandformal.Iwaslooserandmore casual. He wanted everyone to respect him because of his positionandtitle.Ididn’thaveahighposition,soIearned respect through influence and trust. He took positions I disagreed with, so we openly opposed one another in meetings and discussions. I thought he was arrogant and quick-tempered; he thought I was young and naive. We were a match made in heaven!
But over time, a miracle occurred. The walls between us softened, and we became friends. We even became cobelligerentsoncertaincauses.Icanstillremembertheday I came home and told my wife that Luke was leaving our organization.MywifesaidshewassurprisedtohearIwas sad. I said I was going to miss working with him. She began to laugh, sharing how she wished she had a time machinetobringthemewhousedtorageaboutLukeinto the present so she could see the disbelief on his face.
The Power of Common Ground
How did Luke and I go from constantly frustrating each other to becoming friends? We found common ground.
• Welistenedtoeachotherandfoundplaceswhere we agreed. • We grew to understand one another better, and this understanding led to a new appreciation. • We watched each other be judged, labeled and categorized unfairly by others. We stood up for one another out of empathy. • Wegotmisledbythesameleaderandencouraged one another through a season of disillusionment. • We worked on common causes together, celebrating progress and success.
I won’t paint an unreal picture of our relationship.We still consistently annoyed one another. We never became best friends. We even argued differing positions with passion. But when we said goodbye, we knew our lives would be a little emptier without the others’presence.
This is the power of common ground. Common ground turns an enemy into a friend. Because of common ground, someone who annoys us can become someone who encourages us.
Common ground is essential to working together with others, especially those who are very different and with whom we struggle to get along.
CommongroundistheonlywayIknowtobuildunity,not uniformity, amidst genuine diversity.
10 Principles for Building Common Ground With Someone Who FrustratesYou
How do we build this common ground? Here are ten principles I took from my experience with Luke and still apply today. Putting these in action could transform your relationships.
Listen more, talk less.
It’sdifficulttoknowwhereyouhavecommongroundwith someoneelseifyou ’retheonedoingallthetalking.Study the other person.
Look for places of agreement (even on little things).
A small place where two people come together can become a large area of common commitment over time.
No affinity or agreement is too small on which to start building.
Seek to understand more than to be understood.
Try to see the world from their perspective. Listen to not onlytheirwordsbutfeelingsandemotionstoo.Everybody has a story if you ’ll stop long enough to hear it.
Allow understanding to increase appreciation.
Asyouunderstandsomeone’spointofview,youcanbegin to appreciate it.Appreciation is not agreement, but it does lead to more generosity in the relationship.
Develop empathy in places where common experiences emerge.
Empathybondsustoeachother,anditleadsustostandin solidarity with others during their struggle. Suffering connects in ways success cannot.
Encourage others during their struggles.
Dropping someone a note of encouragement or gratitude as they battle in an area can disarm them and encourage their efforts. No one is over-encouraged.
Anticipate the discomfort.
One of my mentors once told me,
“nothing will mess with your religion and politics more than meeting someone on the other side and discovering you like them. ” Common groundisnotforthefaintofheart,butthepaintransforms us.
Find something to work together on and celebrate the outcome.
Common ground is a great idea, but it’s an even better practice. Common ground leads us to common work. My relationship with Luke changed when we began working on projects together.
Focus on what you enjoy and appreciate, not what gets you frustrated.
Frustration is inevitable but keep your attention on what you enjoy and appreciate. It’s amazing how much our focus determines our perspective.
Give thanks for how someone different from you is helping you to grow.
Peoplewhoarejustlikeusrarelychallengeusorstimulate us. However, those who are different from us tend to challenge and sharpen us.The person who drives you nuts may be helping you to get better than you ’ ve ever been. Common ground transforms the most difficult relationships into ones we cannot imagine living without.
Originally published at ThinDifference.com, Leaders Finding Common Ground.
