Think Before You Click
Early this month, a NYCHA employee received a suspicious email and contacted the NYCHA Information Security Hotline at (212) 306-8006.
Here’s why the email looked suspicious:
- The email looked like it came from Dropbox, but there were some unusual markings on the letters ‘r’ and ‘x.’
- The employee did not recognize the sender: jandrews@andrewsconverting.com
- The text of the email requested that the recipient review and sign two documents the employee was not expecting:
(1) Invoice_020217.pdf
(2) Contract_Agreement_2093.pdf - Mousing over the Review & Sign button revealed that the URL was in India. NYCHA does not work with foreign entities.
NYCHA’s Information Security and Risk personnel checked the URL associated with reviewing and signing the documents. Six of the tools they consulted confirmed that this URL was a malicious phishing site.
They instructed the employee to delete the email.
…and thanked the employee.
If you have questions about a suspicious email, please contact the NYCHA Information Security Hotline at 212-306-8006. Remember, you are the first line of defense against an attack – think before you click.