By: Samantha Brown
Before joining the staff at the San Marcos Area Chamber of Commerce, I spent 3+ years working for the United States House of Representatives, and each year I was required to do annual security training, with emphasis on email; specifically, phishing.
During my tenure in Congress we experienced the largest breach in federal staff security ever, with 21.5 million federal employees, contract employees, applicants and family members having their information stolen (per the Office of Personnel Management, OPM) and at a great cost to the American people, as tax dollars currently fund the credit monitoring for all affected.
Government agencies of all sizes are a target: they keep records for a sizeable number of personnel and usually have more extensive personal information than private companies. Unfortunately, private companies are not spared from phishing.
What it is – People spoofing relevant email addresses in hopes of collecting personal information for tax fraud, security clearances, and virus implementation.
How to spot it – Phishing emails typically come from an “inside” email address asking for specific data, or come with a subject of “urgent” or “account needs to be verified”. Any email asking for your Social Security Number is suspicious; if there is a link to verify, be wary. Be cautious: these emails look legitimate but are often slightly off. If an email requesting personal information from your employer comes through, but is not from a specific person you recognize, take note. Look for discrepancies in name spelling and in what they are asking for. Emails usually come with a note of urgency: “immediate action required”.
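The warning signs listed under “How to spot it”, written as a small mail check (an added example, not part of the original article). The phrase lists, the 0.8 look-alike threshold, the example-corp.test domain and both sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Phrases quoted in the article; the lists and the 0.8 threshold are assumptions.
URGENCY = ("urgent", "immediate action required", "account needs to be verified")
SENSITIVE = re.compile(r"\b(social security number|ssn)\b")
LINK = re.compile(r"https?://\S+")

def phishing_indicators(raw, org_domain, known_senders):
    """Return the article's warning signs found in one raw plain-text email."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    domain = addr.rpartition("@")[2]
    # Subject plus undecoded text/plain parts (encoded bodies are not handled).
    body = " ".join(p.get_payload() for p in msg.walk()
                    if not p.is_multipart() and p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()
    found = []
    if any(phrase in text for phrase in URGENCY):
        found.append("urgency")
    if SENSITIVE.search(text):
        found.append("asks_for_ssn")
    if LINK.search(text) and "verif" in text:
        found.append("verify_link")
    # "Slightly off": a sender domain close to, but not equal to, your own.
    if domain != org_domain and SequenceMatcher(None, domain, org_domain).ratio() >= 0.8:
        found.append("lookalike_domain")
    # "Inside" address, but not a person you recognize.
    elif domain == org_domain and addr not in known_senders:
        found.append("unrecognized_inside_sender")
    return found

# Constructed sample messages (not real mail).
PHISH = """\
From: "Payroll Department" <payroll@examp1e-corp.test>
Subject: URGENT: account needs to be verified

Immediate action required. Reply with your Social Security Number
or verify at http://examp1e-corp.test/verify today.
"""
BENIGN = """\
From: "Dana Lee" <dana.lee@example-corp.test>
Subject: Lunch menu

The menu for Friday is attached.
"""
KNOWN = {"dana.lee@example-corp.test"}
```

A non-empty result for a message means it should be verified by phone before anyone answers it; an empty result does not prove the message is safe.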
What you can do – Call the department requesting the information and verify the request. Call the person you received the email from and validate the email. If no one recognizes the request, do not answer.
How to report it – First and foremost, contact your IT department (should you have one) so they can notify staff. Notify all superiors as soon as possible so they can also alert staff to “phishing” and then subsequently notify their banking entity for fraud monitoring.
Forward all suspected phishing emails to firstname.lastname@example.org.
For more information and additional resources please visit https://www.consumer.ftc.gov/articles/0003-phishing.
If you have additional questions please send them to email@example.com.