Message from the Kentucky Office of Homeland Security:
We have received reports that unknown cyber threat actors are sending phishing emails from a Kentucky emergency responder organization. So far, the emails share these characteristics:
- Email will be from an actual address, not a clear spoofed address. (But your experience may vary)
- Text content is brief and simple. Possibly prompting you to “click” or “review” something in a link or attachment.
- Docusign or Google Drive may be referenced.
- There will be a link or attachment to click. DO NOT CLICK ANYTHING
What should you do?
- Do not click any links or attachments.
- Notify your IT staff.
- Your IT staff should report the incident(s) to the FBI Internet Crimes Complaint Center (FBI IC3). There is a simple form on their webpage.
- If you feel like you received something that fits this description but may not be phishing:
- Notify your IT staff anyway before you click on something
- Call the sender at a number you already have saved somewhere else on your computer or phone. Confirm the sender actually sent the email, confirm the date and time the email was sent, the message content and that the sender actually needs what is requested.