Recently several city staff members were the recipients of a Social Engineering attack. This attack came in the form of a phone call.
The caller stated that they were from Windows technical support and had noticed several viruses on the recipient’s computers. The recipients were advised to go to a web site and click on an application to remove the viruses. Following the instructions of the Windows technical support callers, the recipients went to the site and clicked on the application as directed. Upon clicking on the application, a malicious application was downloaded onto the City computers and the computers were locked up. When the City staff members asked what they needed to do, they were told it would cost money to get the computers unlocked.
Upon getting the notice that it would cost money to fix the computers, the staff members then began getting suspicious and asking questions. At this time is when the callers began getting hostile and abusive. Staff ended the phone conversation and called the ITSD Service desk. Because the computers were locked up, it took a complete computer rebuilt to remove the malicious applications from the computers.
Social Engineering attacks can happen to anyone. The entire event took only a few minutes to completely compromise the computers.
Always be cautious when caller “out of the blue” asks for personal information or directs you to a website. Be very cautious when downloading applications from the internet or links within emails.
Change your passwords frequently and Never give anyone your passwords.
The attached document will provide you additional information on how to recognize and avoid social engineering attacks.
As always, if you have inadvertently clicked on a website or email link that may be suspicious, contact the ITSD Service desk at 768-2930 immediately.