New Outlook Phishing Alert Button (PAB)

We are releasing a Phishing Alert Button (PAB) to both Outlook and the Office 365 web client. This feature will make it easier to report suspicious emails to BTS for review and take necessary action. Clicking on this button will report the suspicious email to BTS and delete the email from your mailbox. No further action is required from the user, like forwarding the email or opening a helpdesk ticket to report the suspicious email.

The below pictures show this feature option in different email clients.

Key Takeaways:

• New button added to the Outlook      and browser clients
• Clicking on the button will      report the e-mail to Helpdesk and Information Security
• Clicking on the button will      delete the email
• Clicking on the button for a suspicious e-mail, will not generate a helpdesk ticket
• E-mails reported in a pop-out      window will need to be closed manually

The button does not replace the reporting requirement if you click the link or open the suspicious email's attachment 

• Please reference QA Knowledge Article KCS6539
• Please reference Knowledge Article KCS6613
• Please      reference Escalation Article KCS6607

https://www.zdnet.com/article/this-botnet-has-surged-back-into-action-spreading-a-new-ransomware-campaign-via-phishing-emails/

The content below is directed at state agencies, however is relevant to City of Portland employees. Some of our co-workers, friends and colleagues are on unemployment. Some of our co-workers, friends and colleagues are in Washington State and may be affected.

Also, this is an example of how fraudsters will find ways to exploit any process where they can steal money or information. Are there City of Portland processes that could be similarly attacked? If you have a concern, please contact BTS Information Security so we can provide security expertise and tools.

Massive Fraud Against State Unemployment Insurance Programs

The United States Secret Service has received reporting of a well-organized Nigerian fraud ring exploiting the COVID-19 crisis to commit large-scale fraud against state unemployment insurance programs. The primary state targeted so far is Washington, while there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida. It is extremely likely every state is vulnerable to this scheme and will be targeted if they have not been already.

In the state of Washington, individuals residing out-of-state are receiving multiple ACH deposits from the State of Washington Unemployment Benefit Program, all in different individuals’ names with no connection to the account holder. A substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees. It is assumed the fraud ring behind this possess a substantial PII database to submit the volume of applications observed thus far.

This fraud network is believed to consist of hundreds, if not thousands, of mules with potential losses in the hundreds of millions of dollars. The banks targeted have been at all levels including local banks, credit unions, and large national banks.

City of Portland Cybersecurity highlights:

• The City continues to protect and manage City technology networks, servers and computers with robust security capabilities. The City is able to protect laptops even when they are 'off' the City network.
• Please remember that on Wednesdays to leave your laptops powered on so that they can collect the patches and updates they need.
• In addition, BTS teams are deploying expanded secure remote access services (VPN) and encouraging all City employees to use Office-365 access whenever possible.

COVID-19 Websites Cyber threats

Not all COVID-19 websites are safe. 48,000 COVID-19 related web domains have been registered this year.

Scammers are eager to cash in on the pandemic.

If you'd like the scary details, Sophos has an article for you: https://news.sophos.com/en-us/2020/03/24/covidmalware/

• For all Oregon Health related COVID-19 resources please check the City of Portland's main page for COVID-19 links. https://www.portlandoregon.gov/

FBI resource:   https://www.fbi.gov/coronavirus

COVID-19 Malware and Ransomware threats

Not only are there misleading websites there are a myriad of malware and ransomware threats. Several links are included, below, to narrow your research.

Quick To Do List:

• Don't Click on unfamiliar hyperlinks
• Don't download unsolicited attachments
• Don't provide confidential information without verifying the request
• Remember that BTS HelpDesk will never ask for your password
• Remember that no one should ever ask for your username and password, or ask to use them. Ever.
• Contact the HelpDesk immediately if you think you may have been phished. 503.823.5199

COVID-19 malware and ransomware resources:

https://www.bleepingcomputer.com/news/security/new-coronavirus-themed-malware-locks-you-out-of-windows/

https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/

https://www.itproportal.com/news/new-coronavirus-malware-trashes-windows-pcs/

https://blog.checkpoint.com/2020/04/02/coronavirus-update-in-the-cyber-world-the-graph-has-yet-to-flatten/

Be safe when you go outside, and when you go online.

+++

https://www.bleepingcomputer.com/news/security/coordinated-ransomware-attack-in-texas-hits-23-local-governments/