Two weeks ago, we alerted you to a phishing campaign targeting state employees. The campaign has persisted, and attackers are still trying to access state accounts.
What to know - If you receive an email inviting you to open a Microsoft OneDrive folder with the subject line “[account user] shared the folder “Payments” with you,” and the message matches the image below, do not open it.
What to do - Report this email using the PhishAlarm button in the right-side navigation of your inbox. If you received one of these emails, opened it, and entered your credentials, call the OIT Service Desk at 303-239-4357 (HELP) to report it.
About the OneDrive phishing campaign
OneDrive phishing emails aim to harvest the credentials of as many users as possible. OIT is actively working to stop these emails before they reach state inboxes, but there is a chance that some will be delivered. Thank you for your partnership in combating this campaign and keeping state systems and data secure.
Phishing is a cyberattack where scammers impersonate trusted entities, such as banks, companies, or individuals, to trick people into revealing sensitive information. This is often done through fake emails, messages, or websites designed to look legitimate. Phishing attacks aim to steal personal details like passwords, credit card numbers, or account information, often leading to identity theft or financial loss.
A successful phishing attack can allow hackers to install malware (such as ransomware), sabotage systems, or steal intellectual property or personal information, which can lead to identity theft and loss of money (yours or the state’s). It can also result in unauthorized access to confidential files or file locking.
Phishing emails are a common tactic used by cybercriminals to deceive individuals into revealing sensitive information, such as passwords, credit card details, or personal data. These emails often appear to come from trusted organizations, such as banks or well-known companies, and use urgent language or enticing offers to manipulate recipients into clicking malicious links or downloading harmful attachments. Every day, people around the world fall victim to these scams, highlighting the importance of staying vigilant, recognizing red flags, and understanding how to protect oneself from such threats.
Don’t trust the display name. A favorite phishing tactic among cybercriminals is to fake the “From” name in an email to try to fool you.
Check for spelling mistakes. Legitimate messages from companies should not have major spelling mistakes or poor grammar.
Beware of urgent or threatening language in the subject line. Invoking a sense of urgency or fear is a common phishing tactic. Always be suspicious of subject lines claiming your “account has been suspended” or your account had an “unauthorized login attempt.”
Don’t open attachments. Phishing emails often include attachments that contain viruses and malicious software, known as malware. Attackers can use malware to damage files on your computer, spy on you, steal your passwords, and more. Don’t open any email attachments you aren’t expecting.
Don’t click on links. Phishers often embed innocent-looking but malicious links in emails, text messages, or social media. A quick way to determine if a link is legitimate is to hover over (not click on!) the link for a few seconds so its true destination is revealed. Even then, proceed with caution, as a fraudulent email may contain a mixture of malicious and legitimate links.
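The two checks above (the “From” display name versus the real sender address, and a link’s visible text versus its actual destination) can be automated when triaging a reported message. The following is an added example, not OIT’s PhishAlarm or any tooling described on this page; it uses only the Python standard library. The message, the sender domain, and the set of trusted domains are all constructed for illustration (the example domains are reserved names, not real senders).

```python
"""Triage helper for two phishing red flags: a display name that does not match the
sender's address domain, and a link whose visible text is a URL on a different host
than its real href. Sample message and domain list are constructed for this example."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message. The display name imitates an internal help desk, but the
# address belongs to an unrelated (reserved, non-existent) domain.
SAMPLE_EML = """\
From: "OIT Service Desk" <no-reply@onedrive-share.example.net>
To: employee@state.example.gov
Subject: Jane Doe shared the folder "Payments" with you
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Jane Doe shared a folder with you.</p>
<a href="https://login.example.net/verify">https://onedrive.live.com/Payments</a>
<a href="https://www.microsoft.com/">Microsoft</a>
</body></html>
"""

# Assumed list of domains whose mail may legitimately carry an internal-looking display name.
TRUSTED_SENDER_DOMAINS = {"state.example.gov", "microsoft.com"}


def sender_domain(msg):
    """Return the domain of the real address, ignoring whatever display name is shown."""
    _name, addr = parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()


def display_name_mismatch(msg, trusted_domains=TRUSTED_SENDER_DOMAINS):
    """True when a display name is present but the address domain is not a trusted one."""
    name, _addr = parseaddr(str(msg["From"]))
    return bool(name) and sender_domain(msg) not in trusted_domains


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every anchor in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def link_mismatches(html):
    """Return links whose visible text is a URL whose host differs from the href's host.
    This is the automated form of hovering over a link to reveal its true destination."""
    parser = LinkCollector()
    parser.feed(html)
    mismatched = []
    for text, href in parser.links:
        if text.startswith(("http://", "https://")):
            if urlparse(text).hostname != urlparse(href).hostname:
                mismatched.append((text, href))
    return mismatched


def analyze(raw_eml):
    """Parse a raw RFC 822 message and report both red flags."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    return {
        "sender_domain": sender_domain(msg),
        "display_name_mismatch": display_name_mismatch(msg),
        "link_mismatches": link_mismatches(html),
    }


if __name__ == "__main__":
    # Expected: mismatch flagged, and the OneDrive-looking link shown pointing elsewhere.
    print(analyze(SAMPLE_EML))
```

Run it against a saved .eml file by passing the file’s contents to analyze(). A flagged display name or link is a reason to report the message, not proof of phishing on its own; legitimate marketing mail sometimes routes links through tracking hosts, which is why the result is a triage aid rather than an automatic verdict.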
If you receive a suspicious email, report it! Find detailed instructions here:
If you receive a suspicious phone call, hang up immediately; you would be surprised to know what an attacker can gain while they have you on the phone.
What should I do if I click on a link or attachment or think I gave an attacker my information?
If you clicked on a suspicious link and/or have given up state information or your personal information, there are some steps you can take:
If credit card information was entered into a phishing site, call your bank to have them issue you a new card.
If highly personal information was given (e.g., Social Security Number, birthdate, etc.), you should sign up for an identity monitoring service (e.g., LifeLock, ID Watchdog, Identity Force, etc.).
Change passwords to your important accounts, and if you can, to all of your accounts.
Enable multifactor authentication wherever possible.
Report scams to the Colorado Attorney General, the FCC (fcc.gov), and the FBI (ic3.gov).
If using a state-issued computer, contact your IT Service Desk.
If using your own computer (not state-issued), run antivirus and anti-malware scans.