South Dakota Municipalities - June 2018

Page 36

5 Ways That Cities Can Battle Back Against Phishing

Brandon Bell, Network Infrastructure Consultant, Sophicity: We put the IT in City

As information technology evolves and various tools and systems improve, why are there so many successful cyberattacks on cities? One big risk is people.

Hackers and criminals know that people are often the weakest link in an organization. Think about it. If you’re going to steal information from the most secure building in a city, what sounds like a better strategy? Breaking through the locked front door late at night, or tricking a city employee into letting you walk right in?

Phishing works similarly. Hackers just need one employee to click on an email attachment to insert ransomware, malware, or a virus inside your city’s systems. And, the employee may not even realize they were just fooled.

Given the high probability of eventual success, it may seem impossible to prevent an employee from falling prey to a phishing attack. However, there are five ways that cities can mitigate the risk and lower the chance of devastating consequences if a phishing attack does occur.

1. Regularly train employees and keep them aware of evolving phishing tactics.

Use training to make employees aware that several kinds of phishing attacks exist including:

• Traditional phishing: This is the kind of phishing most people know about. You receive an email that purports to be from a bank, your phone company, or some other legitimate organization. The hacker uses the spoofed email to get you to click on a malicious email attachment or website link.

• Spear phishing and whaling: These two terms pretty much mean the same thing—a hacker goes after a specific city employee with a great deal of thought and effort. The stakes are usually higher here. For example, the hacker may try getting you to transfer a lot of money. Read how the City of Paris, Kentucky fended off such an attack.

• Vishing: This is a relatively new term that refers to phishing over the phone. Hackers may do something like pretend they’re a legitimate caller who needs a username and password over the phone. If you hand that information over, the hacker may then use that information to hack you online.

We’ve written about ways to spot phishing attacks in the past, but a few pointers that are always helpful to let employees know about include:

• Spotting obvious scam signs: Check the sender’s name and email address. If an email supposedly from your bank is from linkmail383738333@kojel.com, then it’s probably not legitimate. Hover over URLs with your cursor. Do the URLs look suspicious (such as not taking you to the banking site)? Is the grammar poor? Organizations (especially large organizations) send out professional messages with good, mostly typo-free writing. Bad grammar is often the sign of a phishing email.

• Being slow to trust: Question each email you receive. Assume it is not legitimate, and that it is not from the person identified. Does it seem right? For example, if your bank contacts you in the middle of the day, says that “unauthorized access” occurred, and that you need to enter your username and password—now!—or you’ll be locked out of your account in an hour, does that seem right? Even if you think an email is legitimate, don’t use the link or phone number provided in the email. Go directly to the

