Central Rivers AEA Information Technology (IT) department continues “phishing campaign”

Phishing is the act of sending malicious emails that are designed to manipulate people into divulging sensitive information or installing harmful software. Statistically, phishing emails are the leading cause of data privacy incidents, so it’s more important than ever to equip yourself with the knowledge to identify these malicious messages.

Phishing is the preferred method of criminals because it is cheap, easy and effective. Central Rivers AEA holds a large cache of sensitive and confidential information, and that data is worth a lot of money on the dark web.

Recently, we launched a phishing campaign to help educate and train staff on how to identify and report phishing attempts.

  • This is part of an educational initiative of simulated phishing attacks to help staff take appropriate action and minimize organizational risk in a safe environment.
  • The phishing campaign will give Central Rivers AEA an opportunity to test all staff members and gain valuable metrics to assist with reducing failure rates.
  • Threats are evolving and becoming much harder to detect, so there is absolutely no shame in falling for a simulated phishing attack!
  • The goal is to empower our staff with the knowledge and confidence to identify and report phishing messages.

Let’s take a look at our most recent phishing campaign and some common “red flags.”

Suspicious email

  1. Do you know the sender? Is the name spelled correctly? Does the email address look strange?
  2. Does it urge you to take action? Are there spelling and/or grammatical errors?
  3. Did you hover over the link? Does it take you to known and/or expected content?
  4. Should there be an official agency signature here?

Now, let’s take a deeper look at the details of the email message…

Suspicious email details

  1. Double-check the sender’s name and email address.
  2. Double-check the sender’s reply-to email address.
  3. Double-check the mailed-by provider address.

If you happened to click the link, you would have been prompted to enter your credentials:

Real versus fake credentials prompt

When hovering over the links, the fake message’s web address also included “secured-login.net”, not the actual Google-affiliated address “accounts.google.com”.
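The same three header checks and the link check can be run automatically on a message that claims to lead to a Google sign-in page. The script below is an added example, not part of the campaign or of any Central Rivers AEA tooling; the sample message is constructed, its addresses other than secured-login.net are made up, and the Return-Path header is used as an assumed stand-in for the "mailed-by" value.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_LOGIN_HOST = "accounts.google.com"  # genuine sign-in host named in the article

# Constructed sample message; every address except secured-login.net is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: "Account Team" <alerts@school.example>
Reply-To: <support@reply.example>
Subject: Action required: verify your account today
Content-Type: text/html; charset="utf-8"

<a href="https://secured-login.net/signin">https://accounts.google.com/</a>
"""

class LinkHosts(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def domain(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    """List the sender, reply-to, mailed-by and link mismatches in one message."""
    msg = message_from_string(raw)
    sender = domain(msg["From"])
    flags = []
    reply_to = domain(msg["Reply-To"])
    if reply_to and reply_to != sender:
        flags.append(f"reply-to domain {reply_to} differs from sender {sender}")
    mailed_by = domain(msg["Return-Path"])  # assumption: stand-in for "mailed-by"
    if mailed_by and mailed_by != sender:
        flags.append(f"mailed-by domain {mailed_by} differs from sender {sender}")
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    for host in parser.hosts:
        if host != EXPECTED_LOGIN_HOST:
            flags.append(f"link goes to {host}, not {EXPECTED_LOGIN_HOST}")
    return flags
```

Calling `red_flags(SAMPLE)` returns three findings, including the link whose visible text reads accounts.google.com while its real destination is secured-login.net.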

Let’s break down the statistics…

Phishing campaign statistics

Take some time to review the message and search for any of the five common red flags:

  1. Message is unexpected or oddly timed.
  2. Message contains odd spelling or grammatical errors.
  3. Message urges actions like clicking links or opening attachments.
  4. Message appears to be time sensitive or threatens consequences for inaction.
  5. Message is requesting money or personal information.

When you receive any suspicious communications: Stop and think before you click! If you suspect a phishing email, please contact the Help Desk at 319.273.8231 or helpdesk@centralriversaea.org to verify the email’s validity.
