Skip Ribbon Commands
Skip to main content

Phishing

Identifying Spam email and Phishing attempts

 

Phishing emails are messages sent by individuals trying to "fish" for personal or financial information. Phishers are getting better every day at making their messages look authentic.  Phishing is the most prevalent method of distributing malicious software (malware) including Ransomware to a computer.   There are two types of phishing emails:

  1. Emails that ask you to reply to the message with confidential information, such as your user ID and password.  Never respond to any email with confidential information.  City of Albuquerque and other legitimate businesses will never ask for this information via email.
  2. Emails that ask you to click on a link to a web page, which then asks you to provide confidential information. Many times these web pages look like legitimate sites, such as Bank of America or PayPal, but they are not. When you provide your login ID and password, this information is captured by the phisher, who can then use it to log into the legitimate site. 

Additionally, The use of malicious links in email is a very common method of distributing malicious software or malware such as Ransomware to a computer.   Many of this malware is designed to encrypt files on your computer and hold them ransom until a payment is made.  On most occasions, if payment is made, the release of the files is never completed.  It is critical to have up-to-date backups of critical data.   

 

What to do if you get a phishing email

  1. Click the "Forward as Attachment" option within Outlook and send it to to phishing @cabq.gov .
    • If you suspect it may be a phishing email, DTI Security can review the message and advise if it is legitimate or not.
    • If you know it is a phishing email, DTI Security can take measures to have the phishing web site taken down or blocked from entering the networked environment.
  2. Never respond to any email with confidential information.  City of Albuquerque and other legitimate businesses will never ask for this information via email.
  3. Use your mouse to hover over links in an email. This will show you the actual website you will be directed to if you click on the link. It is always best to type the address yourself into your web browser, rather than clicking a link in an email.

How to identify a phishing email

 

Phishing emails:

  • May show the sender on behalf of someone else, such as the City of Albuquerque.
  • May look like an authentic business such as a bank or other financial institute.  Financial institutions will never ask for user id, account information or password information via email or unsolicited phone call. 
  • May look like it is coming from technical support.
  • May ask for user name or password verification.
  • May contain spoofed links. Always hover the mouse over any hyperlinks to verify the actual URL is what you expect.
  • May contain fuzzy logo symbols which are not genuine.
  • May not contain email signatures or any contact information.
  • May have bad grammar and capitalization.
  • Generally require you to take quick action, such as verifying your account to prevent it from being deactivated.
  • May provide an opportunity that is too good to be true. 
  • Can be threatening in nature, e.g. “This will happen if you do not respond immediately”
  • May have generalized introductions.
  • May ask for a favor due to a tragic circumstance.

Be particularly vigilant during holidays or significant events since attackers heighten their activity during these times.

 

How to Protect Yourself

 

Here are some best practices that will help protect you and your information:

  • Never provide personal information to an unsolicited source which can come from an email or a phone call.
  • If you are unsure about an email from someone you know or believe to be legitimate, call and verify. Do not call the number in the signature.
  • Beware of messages that claim your account has been suspended.
  • Be suspicious of any email with urgent requests for personal financial information.
  • Never click on a link in an email. Instead, always type the legitimate Web address of the site you want to reach directly into your Web browser.  Hover your mouse over the link to determine the specific url being sent to.  If it looks suspicious, do not click on it. 
  • Be suspicious of email messages and other electronic communications from sources you do not know or recognize.
  • Use the latest versions of your operating system (OS) and applications.
  • Have the latest security software updates (patches) installed. This includes patches for your OS and applications.
  • Keep your anti-virus software up to date.
  • Report any suspicious emails.
  • Save important documents on provided networked drives which are backed up on a regular basis.