Think Before You Click

How to Spot a Phishing Scam

Early this month, a NYCHA employee received a suspicious email and contacted the NYCHA Information Security Hotline at (212) 306-8006.

Here’s why the email looked suspicious:

  • The email looked like it came from Dropbox, but there were some unusual markings on the letters ‘r’ and ‘x.’
  • The employee did not recognize the sender: jandrews@andrewsconverting.com
  • The text of the email requested that the recipient review and sign two documents the employee was not expecting:
    (1) Invoice_020217.pdf
    (2) Contract_Agreement_2093.pdf
  • Mousing over the Review & Sign button revealed that the URL was in India. NYCHA does not work with foreign entities.
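
The first, second and last checks in the list above can be automated. The sketch below is an added example, not a tool NYCHA used: the brand table, the accented display name and the link URL are constructed for illustration, and only the sender address comes from the email described above.

```python
import unicodedata
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: brands the organization expects mail from, with their real domains.
BRANDS = {"dropbox": ("dropbox.com",)}

def fold(text):
    """Lowercase and strip accents/combining marks (NFKD), so an accented 'r' becomes 'r'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def under(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def indicators(from_header, link_url):
    """Return the phishing indicators found in one message's From header and link."""
    name, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2]
    link_host = urlsplit(link_url).hostname
    found = []
    for brand, domains in BRANDS.items():
        if brand not in fold(name):
            continue  # the message does not claim to come from this brand
        if brand not in name.lower():
            # Brand name only appears after stripping marks: lookalike letters.
            found.append("lookalike-characters")
        if not under(sender_domain, domains):
            found.append("sender-domain-mismatch")
        if not under(link_host, domains):
            found.append("link-domain-mismatch")
    return found

# Constructed sample: "Dropbox" written with marked 'r' (U+0155) and 'x' (U+1E8B).
SAMPLE_FROM = '"D\u0155opbo\u1e8b" <jandrews@andrewsconverting.com>'
# Constructed placeholder URL; the real link is not reproduced on this page.
SAMPLE_LINK = "https://sign.example.invalid/review"

if __name__ == "__main__":
    print(indicators(SAMPLE_FROM, SAMPLE_LINK))
```

Folding with NFKD catches letters carrying added marks, as in this email; lookalikes borrowed from other alphabets do not decompose this way and need a separate confusables table.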

NYCHA’s Information Security and Risk personnel checked the URL associated with reviewing and signing the documents. Six of the tools they consulted confirmed that this URL was a malicious phishing site.

They instructed the employee to delete the email.

…and thanked the employee.

If you have questions about a suspicious email, please contact the NYCHA Information Security Hotline at 212-306-8006. Remember, you are the first line of defense against an attack – think before you click.