Page 37 - NYS_ESS_03-2025

We have recently been made aware of email scams targeting our association. We wanted to inform you of a common cyber-attack that everyone should be aware of called “phishing”. “Phishing” is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.

Although we maintain controls to help protect our networks and computers from cyber threats, it’s important everyone is on the lookout for suspicious emails.

We’ve outlined a few different types of phishing attacks to watch out for:

•  Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. For example, they could send an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
•  Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use a familiar name and refer to NYSAPLS or your local Regional in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
•  Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real NYSAPLS or Regional officer or board member. Using a fake domain that appears similar to ours or the regional’s, they look like normal emails from people you know and ask you for sensitive information (including usernames and passwords).

Best Practices to Avoid Phishing Schemes

•  Do not click on links or attachments from senders that you do not recognize.
•  Do not provide sensitive personal information (like usernames and passwords) over email.
•  Watch for email senders that use suspicious or misleading domain names.

How to Report a Phishing Scheme

Forward any phishing attempts to the following two organizations:

1.  The Anti-Phishing Working Group at reportphishing@apwg.org
2.  The Federal Trade Commission (FTC) at ReportFraud.ftc.gov.

Note: If you ever receive a phishing text message you should forward it to SPAM (7726).















































                                               EMPIRE STATE SURVEYOR / VOL. 61 • NO 2 / 2025 • MARCH/APRIL   35