Page 29 - NYS_ESS_11-2022

Nominations/Awards
     Glenn Watson, Chair
     •  Committee met on August 24, 2022.
     •  Committee recently interviewed each of the officers presently sitting and each agreed to continue in their office for next year.
     •  Committee seeks nominations for the awards given during annual conference. Nominations should be submitted by mid-November.

VII.   Unfinished Business
     None to discuss

VIII.  New Business
     •  Duane Frymire, President of Mohawk Valley regional, nominated a local member (Mohawk Valley) for Life Membership in NYSAPLS. Duane recognized the member for his long service to the Mohawk Valley regional.
        MOTION BY DON STEDGE TO AWARD THE MEMBER LIFE MEMBERSHIP IN NYSAPLS, SECONDED BY JOHN ABRUZZO, ALL IN FAVOR, NONE OPPOSED, MOTION CARRIED.
     •  Scott Allen of Northern discussed a letter prepared by Northern and presented for NYSAPLS letterhead and signature by President Garfinkel, in response to a situation where a bank’s attorney accepted a plot plan prepared by a PE for a private individual sewage treatment system permit as proof that the new foundation did not violate zoning setbacks and waived the requirement for a certified survey. The letter will be sent to legal counsel, Emily Whalen, for review and attached to the final draft of the Minutes of this meeting.
     •  John Abruzzo raised concerns with the work of the Ad hoc Minimum Technical Standards (MTS) committee. President Garfinkel responded to those concerns. A lengthy discussion ensued regarding monumentation.
     •  Don Stedge brought to the attention of the Board that the Rockland County Health Department requires a survey for geothermal well applications, but at the same time, the requirement seems to allow others to alter the survey map to show additional features. The Delaware Hudson regional sent a letter to Rockland CHD pointing out Section 7209 (2) of the State Education Law (unauthorized alterations). A copy of the letter is attached to these minutes.

IX.   Pass the Gavel
     (each attendee is invited to give an update on their regional activities, news, concerns, personal comments, etc.)
     Northern had 11 members attend their September 15th regular meeting, which was followed by the NYSAPLS 2nd Showing webinar.
     Genesee Valley had 20 members attend the September 15th 2nd Showing.
     Long Island is planning an October meeting.
     Delaware Hudson enjoyed their July 30th outing to a Minor League baseball game. About 50 people attended.
     Mohawk Valley’s first meeting in 2 years is coming up.
     Mid-Hudson also attended the September 15th 2nd Showing webinar.
     Eastern had its first general membership meeting last week, since COVID struck.
     Central will have its 3rd meeting since spring next week. They’ve had some new faces attending meetings. They’ve been raffling $50 gift cards at meetings. Central is seeing some renewed interest.
     Niagara Frontier’s meetings have been business as usual. The same 10-12 members attend. Joshua has been working on bringing NYSAPLS to the work place (generating interest in NYSAPLS among staff).
     Heather thanked Nassau Suffolk for hosting Headquarters staff at their recent summer social which included a cruise to Fire Island.
     Amber and Heather are working hybrid schedules (some days remote, some days in office)
     Nassau Suffolk is getting back in to a regular schedule of meetings.

X.   Upcoming Board of Directors Meetings – TBA

Motion to adjourn by Rich Moravec, seconded by David Bardoun, all in favor, none opposed, motion carried.
Meeting adjourned at 10:14 p.m.

Respectfully submitted: Scott B. Allen, LS – Secretary
encs.


We have recently been made aware of email scams targeting our association. We wanted to inform you of a common cyber-attack that everyone should be aware of called “phishing”.

“Phishing” is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.

Although we maintain controls to help protect our networks and computers from cyber threats, it’s important everyone is on the lookout for suspicious emails.

We’ve outlined a few different types of phishing attacks to watch out for:
     •  Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. For example, they could send an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
     •  Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use a familiar name and refer to NYSAPLS or your local Regional in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
     •  Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real NYSAPLS or Regional officer or board member. Using a fake domain that appears similar to ours or the regional’s, they look like normal emails from people you know and ask you for sensitive information (including usernames and passwords).

Best Practices to Avoid Phishing Schemes
     •  Do not click on links or attachments from senders that you do not recognize.
     •  Do not provide sensitive personal information (like usernames and passwords) over email.
     •  Watch for email senders that use suspicious or misleading domain names.

How to Report a Phishing Scheme
Forward any phishing attempts to the following two organizations:
     1.  The Anti-Phishing Working Group at reportphishing@apwg.org
     2.  The Federal Trade Commission (FTC) at ReportFraud.ftc.gov.

Note: If you ever receive a phishing text message you should forward it to SPAM (7726).

Thanks for helping to keep our members safe from these cyber threats!

                                      EMPIRE STATE SURVEYOR / VOL. 58 • NO 6/ 2022 • NOVEMBER/DECEMBER   27