Page 29 - 07-2022-ESS-Final_Neat
P. 29
We have recently been made aware of email scams targeting
our association. We wanted to inform you of a common cyber-
attack that everyone should be aware of called “phishing”.
“Phishing” is the most common type of cyber-attack that
affects organizations like ours. Phishing attacks can take many
forms, but they
all share a common goal – getting you to share sensitive
information such as login credentials, credit card information,
or bank account details.
Although we maintain controls to help protect our networks
and computers from cyber threats, it’s important everyone is
on the look for suspicious emails.
We’ve outlined a few different types of phishing attacks to
watch out for:
• Phishing: In this type of attack, hackers impersonate
a real company to obtain your login credentials. For
example, they could send an e-mail asking you to verify
your account details with a link that takes you to an
imposter login screen that delivers your information
directly to the attackers.
• Spear Phishing: Spear phishing is a more sophisticated
phishing attack that includes customized information that
makes the attacker seem like a legitimate source. They
may use a familiar name and refer to NYSAPLS or your
local Regional in the e-mail to trick you into thinking they
Save the Dates! have a connection to you, making you more likely to click
a link or attachment that they provide.
• Whaling: Whaling is a popular ploy aimed at getting you to
NYSAPLS 64th Annual Conference transfer money or send sensitive information to an attacker
January 18-20, 2023 via email by impersonating a real NYSAPLS or Regional
officer or board member. Using a fake domain that appears
Turning Stone Resort & Casino similar to ours or the regional’s, they look like normal
Verona, NY emails from people you know and ask you for sensitive
information (including usernames and passwords).
Best Practices to Avoid Phishing Schemes
Do not click on links or attachments from senders that you do
not recognize.
• Do not provide sensitive personal information (like
usernames and passwords) over email.
• Watch for email senders that use suspicious or misleading
domain names.
How to Report a Phishing Scheme
Forward any phishing attempts to the following
two organizations:
1. The Anti-Phishing Working Group at
reportphishing@apwg.org
2. The Federal Trade Commission (FTC) at
ReportFraud.ftc.gov.
Note: If you ever receive a phishing text message you should
forward it to SPAM (7726).
Thanks for helping to keep our members safe
More details to be announced late fall 2022. from these cyber threats!
EMPIRE STATE SURVEYOR / VOL. 58• NO 4/ 2022 • JULY/AUGUST 27
