Don’t Take the Bait: Phishing Awareness
Phishing, a type of cyber attack in which an attacker impersonates a legitimate entity or individual to deceive and manipulate someone into providing sensitive information, such as usernames, passwords, credit card numbers, or other personal details, increased by 58% last year. A shocking 94% of organizations reported falling prey to phishing.
To make things worse, generative AI is going to increase this threat. Phishing, smishing, and vishing threats are only on the rise due to malicious actors using generative AI to automate and construct mass messages that are difficult to decipher.
Knowing how to detect a phishing attack for local government is the best way to protect yourself against attempts that continue to grow year after year.
In fact, OpenGov has been made aware of a potentially malicious domain “OpanGov.com” (note the “A” instead of the “E”) closely impersonating the OpenGov.com domain which is not registered to OpenGov. OpenGov will only contact you from the OpenGov.com domain, and through established channels. If you suspect an email to be phishing from OpenGov:
- Please verify the source. Ensure it is from the sender’s domain.
- Report it to your security team, and to your OpenGov Customer Success Manager or Account Executive.
- Communicate to your team to raise awareness to protect against phishing.
We urge our community to not respond to any emails, or connections that you suspect to be from a spoofed email address.
🎣 Watch for these phishing, vishing, and smishing trends and follow these tips:
- A text message from a number you don’t know pretending to be an executive asking for a favor, or from a “long-lost friend” asking to reconnect.
- Emails requesting updates on billing information, missing important billing information, or unfamiliar billing numbers.This lack of details or more communication than usual aims to distract from a potentially malicious domain.
- LinkedIn messages that ask for more information than typical.
- Check the email address of suspicious emails. Look for grammar mistakes, and different use of fonts. Pay close attention to the characters in the email address. For example an A instead of an O, U instead of an A, or 0 instead of an O Also, check the reply email address.
- Hover over links in emails to preview where they are sent to..
- Verify unexpected coworker texts, or voicemail messages through a trusted channel first, such as email or Slack.
- Do not share company information over unverified mediums such as LinkedIn or texts.
- Use multi-factor authentication where possible on personal devices, and applications.
- Review best practices and recommendations from the Cybersecurity and Infrastructure Security Agency such as Enhanced Email and Web Security.
Remain vigilant and thank you from the OpenGov Global Security Team (GST) team. If you have any questions or concerns, feel free to reach out to our team.
Last Updated on August 19, 2024 by Jeff Neukom
Categories: GovTech, Local Government, News, Technology, Thought Leadership