
Best business practice is to train the user community. There are specific characteristics of phishing that average users can identify. When you have 1,000 bleary-eyed cops and several hundred firefighters in the user community, the IT org is getting calls about phishing or malware 7 x 24.

The best program I’ve used is https://www.knowbe4.com/. KnowBe4 is an entire testing and education program to train a user community. I have recommended it for several years and am personally trained. Check out the website - there is some good free training there.

Awareness is good. What’s troubling is the behavior where people clicked before being sure. Why would you do that?

The Colonial Pipeline, JBS, and many more organizations were phishing penetrations. The actual click happened months ago. The bad actors make sure the Trojan permeates all backups so there is no avenue of recovery.

Two things I’ve been told in FBI briefings about these folks are that they are patient and they have great customer service. Send them Bitcoin and they’ll decrypt your data in short order.

Let’s not make it easy for them.

73,
Mickey N4MB

________________________________
From: arrl-odv <arrl-odv-bounces@reflector.arrl.org> on behalf of Arthur I. Zygielbaum <aiz@ctwsoft.com>
Sent: Wednesday, June 16, 2021 5:24:43 PM
To: Minster, David NA2AA (CEO) <dminster@arrl.org>; Carlson, Kermit, W9XA (Dir, CD) <W9XA@yahoo.com>; arrl-odv <arrl-odv@arrl.org>
Subject: [arrl-odv:32499] Re: Phishing attempt emails

Probably better to be careful and even oversensitive on phishing and scams. But the key feature is to check the website (either printed in plain text or shown as the hyperlink) and whether the link leads to a download of a file. This one definitely led to arrl.org and requested no additional information. So I did not think it was phishing.

Good to stand down. Kermit, thanks for being careful and concerned.

73,
Art

On 6/16/2021 3:34 PM, Minster, David NA2AA (CEO) wrote:

This is absolutely NOT phishing.

This is, as was discussed at the Exec Comm meeting, the effort of membership to automate contact with Life Members to see if we can get them to respond to a request to confirm their membership data. This functions two ways:

* Confirm they are alive
* Confirm their information is correct

There is no danger from this email. Who in the world said this was phishing from HQ???

From: arrl-odv <arrl-odv-bounces@reflector.arrl.org> On Behalf Of Kermit Carlson via arrl-odv
Sent: Wednesday, June 16, 2021 2:44 PM
To: arrl-odv <arrl-odv@arrl.org>
Subject: [arrl-odv:32479] Phishing attempt emails

Hello ALL -

I have attached a PNG screenshot of an email that is making the rounds to inboxes throughout the Central Division. I have confirmed with HQ that this is indeed phishing. Several indications such as the actual link that is behind the blue "link" in the email indicated a problem.

I wonder how many others might have seen this?

73,
Kermit W9XA

p.s. Perhaps a warning on the website?

_______________________________________________
arrl-odv mailing list
arrl-odv@reflector.arrl.org
https://reflector.arrl.org/mailman/listinfo/arrl-odv