We have recently been made aware of email scams targeting our association. We wanted to inform you of a common cyber-attack that everyone should be aware of called “phishing”.

“Phishing” is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.

Although we maintain controls to help protect our networks and computers from cyber threats, it’s important everyone is on the lookout for suspicious emails.

We’ve outlined a few different types of phishing attacks to watch out for:

• Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. For example, they could send an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
• Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use a familiar name and refer to NYSAPLS or your local Regional in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
• Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real NYSAPLS or Regional officer or board member. Sent from a fake domain that appears similar to ours or the regional’s, these messages look like normal emails from people you know and ask you for sensitive information (including usernames and passwords).

Best Practices to Avoid Phishing Schemes

• Do not click on links or attachments from senders that you do not recognize.
• Do not provide sensitive personal information (like usernames and passwords) over email.
• Watch for email senders that use suspicious or misleading domain names.

How to Report a Phishing Scheme

Forward any phishing attempts to the following two organizations:

1. The Anti-Phishing Working Group at reportphishing@apwg.org
2. The Federal Trade Commission (FTC) at ReportFraud.ftc.gov.

Note: If you ever receive a phishing text message you should forward it to SPAM (7726).

16 EMPIRE STATE SURVEYOR / VOL. 62 • NO 3 / 2026 • MAY/JUNE

