GMA: Phishing Attacks on Cities Increasing

Staff Report From Georgia CEO

Tuesday, July 30th, 2019

Recently there has been an increase in cyber-attacks on local governments in Georgia. In an effort to further enhance awareness, GMA wants to highlight a common cyber-attack that everyone should be aware of: phishing.

What is Phishing?
"Phishing" is a common type of cyber-attack that affects many organizations, including city governments.  Phishing attacks can take numerous forms, but they all share a common goal – getting an individual to share sensitive information such as login credentials, credit card information or bank account details. While your city’s IT staff or IT partners should have controls in place to help protect networks and computers from cyber threats, individual city officials and employees are the first line of defense.

   What Does It Look Like?
  • Phishing: In this type of attack, hackers impersonate a real company to obtain an individual’s login credentials. Targets may receive an email asking them to verify their account details with a link that takes them to an imposter login screen that delivers their information directly to the attackers.

  • Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use a city employee’s name and phone number and refer to your city in the email to trick the employee into thinking they have a connection to you, making the employee more likely to click a link or attachment that they provide.

  • Whaling: Whaling is a popular ploy aimed at getting a city employee to transfer money or send sensitive information to an attacker via email by impersonating a real city employee. Using a fake domain that appears similar to a city’s domain, they look like normal emails from a high-level official of the city, typically the City Manager or Finance Director, and ask the employee for sensitive information (including usernames and passwords).

  • Shared Document Phishing: A city employee may receive an email that appears to come from file-sharing sites like Dropbox or Google Drive indicating that a document has been shared with the employee. The link provided in these e-mails will take the employee to a fake login page that mimics the real login page and will steal their account credentials.

  • Impersonation Fraud/Invoice Manipulation: An imposter requests a wire transfer via phone, fax, email or text message. The fraudster may also intercept a legitimate invoice from a city vendor and alter the routing number and banking information such that the ACH payment is made to a fraudulent account before being moved offshore.

What Can You Do?
To help try to avoid these phishing schemes, GMA encourages all city officials and employees to review and observe the following email best practices:

  1. Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.

  2. Wire transaction requests received via email should be verified with the vendor and approved by the CFO.

  3. Do not provide sensitive personal information (like usernames and passwords) over email.

  4. Watch for email senders that use suspicious or misleading domain names.

  5. Inspect URLs carefully to make sure they’re legitimate and not imposter sites. Sometimes the change may be as small as one letter.

  6. Do not try to open any shared document that you’re not expecting to receive.

  7. If you can’t tell if an email is legitimate or not, contact your IT department immediately.   

  8. Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.

  9. When in doubt, call the sender to verify that the email is legit (but do not respond by email to the sender).