Page 13 - NYS_ESS_05-2024-Final
P. 13

Associate Member Spotlight:
                                                                Ivan Pazmino



            We have recently been made aware of email scams targeting                  Ivan Pazmino is a survey draftsperson
            our association. We wanted to inform you of a common cyber-                at N & P Engineering, Architecture
            attack that everyone should be aware of called “phishing”.                 & Land Surveying (Nelson + Pope)
            “Phishing” is the most common type of cyber-attack that                    and a new associate member of the
            affects organizations like ours. Phishing attacks can take many            New  York State Association of
            forms, but they all share a common goal – getting you to share             Professional Land Surveyors.
            sensitive information such as login credentials, credit card
            information, or bank account details.                                      Originally from Ecuador, Ivan
            Although we maintain controls to help protect our networks                 joined Nelson + Pope in February
            and computers from cyber threats, it’s important everyone is               2022 after moving to the United
            on the look for suspicious emails.                   States. While living in Ecuador, Ivan graduated from the
                                                                 Pontifical Catholic  University of  Quito.  During his
            We’ve outlined a few different types of phishing attacks to   4th semester in college, Ivan had a good friend who asked
            watch out for:                                       him to  assist  him in the field  using a total station for
             •  Phishing: In this type of attack, hackers impersonate   topographic services. His friend showed him how to
               a real company to obtain your login credentials. For
               example, they could send an e-mail asking you to verify   measure a piece of land and how to use survey equipment.
               your account details with a link that takes you to an   Since then, Ivan’s passion and skillset in the surveying field
               imposter login screen that delivers your information   were born and cultivated.
               directly to the attackers.
             •  Spear Phishing: Spear phishing is a more sophisticated   Ivan shares that surveying is a great choice for younger
               phishing attack that includes customized information that   generations.  Nowadays, land surveying incorporates
               makes the attacker seem like a legitimate source. They   advanced technology, such as the use of drones, robotic
               may use a familiar name and refer to NYSAPLS or your   stations, and software that make work more interesting and
               local Regional in the e-mail to trick you into thinking they   interactive. He also enjoys the ability to work in different
               have a connection to you, making you more likely to click   environments from day to day; one day you can be working
               a link or attachment that they provide.
             •  Whaling: Whaling is a popular ploy aimed at getting you to   in the field and another day you can be working in the office
               transfer money or send sensitive information to an attacker   and processing data collected.
               via email by impersonating a real NYSAPLS or Regional
               officer or board member. Using a fake domain that appears   Having his Unmanned Aircraft
               similar to ours or the regional’s, they look like normal   System (Drone) licensure, Ivan was
               emails from people you know and ask you for sensitive   recently able to utilize it on the job.
               information (including usernames and passwords).  Using his drone knowledge and
                                                                 skills, Ivan was able to capture
            Best Practices to Avoid Phishing Schemes
            Do not click on links or attachments from senders that you do   reliable imagery for the Army Corp
            not recognize.                                       Beach Replenishment project for
             •  Do not provide sensitive personal information (like   the  Town of Southampton. The
               usernames and passwords) over email.              project involved boundary and
             •  Watch for email senders that use suspicious or misleading   topographic surveys of numerous
               domain names.                                     upscale beach mansions in East
                                                                 Quogue to be utilized for creating
            How to Report a Phishing Scheme                      easements for dune reconstruction.
            Forward any phishing attempts to the following       Obtaining     highly    detailed
            two organizations:                                   planimetrics and topography would
             1.  The Anti-Phishing Working Group at              have been a massive effort for a field
               reportphishing@apwg.org
             2.  The Federal Trade Commission (FTC) at           crew in the time frame allotted and
               ReportFraud.ftc.gov.                              using the drone for mapping was
                                                                 determined to be the best choice to
            Note: If you ever receive a phishing text message you should   accomplish the task.
            forward it to SPAM (7726).
                                                                 Ivan continues to be hands-on, deliver his skills, and grow
            Thanks for helping to keep our members safe          in the profession.
                      from these cyber threats!

                                                    EMPIRE STATE SURVEYOR / VOL. 60 • NO 3 2024 • MAY/JUNE   11
   8   9   10   11   12   13   14   15   16   17   18