your passport to all things web
Serious Security Issue
Over the weekend, we determined that PSAB, along with many of our boroughs, are under attack. The attacks are not coming from PSAB or any of the boroughs, but they are well crafted Emails, and, at this point, our only defense is YOU!
We have received more than 20 reports of bogus Emails this morning, and, unfortunately, every one of them is different. Further, they are improving so it is getting harder and harder for the end user to tell that the email is not legitimate.
At this point, we are requesting that all staff members forward ANY suspicious emails to firstname.lastname@example.org for evaluation. We will then push something out through these bulletins to make staff aware of the latest attempts. We are keeping Chris in the loop and he, along with IT, is monitoring the situation.
Following are some attack vectors that you may not consider:
Many of the Emails have a pdf attachment. The pdf is not malicious, but there is a link in the pdf file that is malicious. The link, if clicked, would take you to a login screen for whatever the service is that is being scammed, for instance a bank account, your Email login, a website login, a SECURE PORTAL login, etc. The displayed page will look EXACTLY like the real login page. Even the URL could match the URL of the legitimate website. If you enter credentials, you have provided the scammer with your login credentials. DO NOT CLICK ON ANY LINKS IN AN EMAIL that goes to a login screen. You should have all of your login screens bookmarked in your browser or a short cut on your desktop. Use the direct URL to the site you are logging into. This goes for ANY AND ALL logins from IMIS to webmail. We suspect that we will start getting Emails with bad links as well, so this is not just limited to pdf files.
Effective immediately, be suspicious of anything. Staff members have gotten Emails from other staff members with links in them that are bogus. Of course they did not come from your associate, but they appear as though they did.
Even innocent Emails are to be suspect at this point. This was provided to us just a few minutes ago:
From: Bonnie Forsythe
Sent: Tuesday, February 20, 2018 11:12 AM
To: Shelley Houk
Subject: Automatic reply: Personnel policy
Thank you for your email.
Your message has been forwarded to my new email address, Forsythe.MarsPA@gmail.com.
This may be legitimate, but it is NOT the way to request an email change. Do NOT assume an email like this is legitimate. Something like this should be confirmed before changing our records. If we would change this Email address, and it is linked to any of our secure services, we would be at risk.
We suspect that there is more than one actor and that they have reviewed all of our websites and most of our borough websites. Therefore ALL departments are involved. We would also be very careful, personally, as it is very easy to track back a work Email to personal Emails and information. Whoever is doing this is taking the time to research and adjust, so we need to be extra careful.
If you have any questions, please open a ticket, and, although it is going to increase the work load on IT, at this point, we need to see any and all suspicious Emails so we can notify other staff members of any new attack vectors.