Opening an email that contains malware can lead to an agency having to shut down part of its business for days—even weeks—and a significant loss of productivity. It is vitally important that you understand how to identify and respond to cybersecurity threats, data breaches, and phishing attempts that try to lure you into giving hackers access to DC Government’s network.
Phishing is one of the most common tactics used in online identity theft and cybercrimes. Phishing occurs when a malicious actor tries to get a user’s sensitive information -- usernames, passwords, and financial details.
Tips on how to spot a phishing scam
Look at the email address, not just the sender
Many of us don’t ever look at the email address that a message has come from.
Your inbox displays a name, like ‘Jane Doe’, and the subject line. When you open the email, you already know (or think you know) who the message is from and jump straight into the content.
When the bad guys create their bogus email addresses, they often have the choice to select the display name, which doesn’t have to relate to the email address at all.
Recognize financial threats or offers that seem too good to be true.
DC government will never ask for your money, gift cards or financial information.
The domain name is misspelled
There’s another clue hidden in domain names that provide a strong indication of phishing scams – and it unfortunately complicates our previous clue.
The problem is that anyone can buy a domain name from a registrar. And although every domain name must be unique, there are plenty of ways to create addresses that are indistinguishable from the one that’s being spoofed.
The email is poorly written
This doesn’t apply to all phishing, but often you can often tell if an email is a scam if it contains poor spelling and grammar.
Many people will tell you that such errors are part of a ‘filtering system’ in which cyber criminals target only the most gullible people.
The theory is that, if someone ignores clues about the way the message is written, they’re less likely to pick up clues during the scammer’s endgame.
Report a suspected cyber security threat (for the public)
Report any suspicious emails to your designated phishing team or [email protected].
Report a suspected phishing attempt, smishing or other threat (for DC Government Employees)
If you are a DC government employee or contractor and you suspect you need help verifying an email or text message, visit the reporting page here. (You must be on the DC network or VPN)