Having trouble viewing this email? View it as a Web page.

?

On March 1st, MSHDA IT sent an email alerting internal staff of an active phishing scam. Another scam is now hitting MSHDA external partners, and it was reported that the actor or actors are impersonating MSHDA staff. Please be alert for phishing emails and rely on your organization?s cybersecurity policy and report any suspicious activity to your company?s IT abuse contact person/department if applicable. Always look out for key words in emails that express urgency, or elicit panic and fear, because that is the intention. Also, check to see that the sender?s email address is a proper MSHDA and State of Michigan (.gov) email account, regardless of how the sender identifies themself. Be suspicious of any unexpected changes to payment instructions that suggest you send payment via new accounts, wiring instructions, or addresses.

Please see additional phishing susceptibility below:

High susceptibility increases the likelihood that cyber threat actors can exploit their target.

After obtaining initial access via a successful phishing attempt, threat actors will often try to take control of their victims.?

Common indicators of phishing:

• Suspicious sender email addresses
• Generic greetings
• Spoofed hyperlinks
• Spelling or layout errors
• Suspicious attachments

IMPORTANT: Never click on links or open any attachments in a suspicious message.

Below are common things that the Department of Technology, Management, and Budget outline to state employees to look for to help determine if an email is suspicious:

• Beware of ALL links and attachments, particularly those in unsolicited emails or texts. Ask yourself why you are receiving this email.
• Scroll over website or email links on workstations. Does the link match the text in the message?
• Avoid following truncated links, such as those from bit.ly or tinyurl. These are often used to disguise malicious links.
• Look out for unexpected attachments from colleagues. If you are unsure, contact the original sender by phone, instant message, or in person to verify it. Don?t forward the email to the person who you think may be the original sender.
• Check for poor spelling or grammar, or strange characters in the message. These are used to get around email filters.
• Beware of unusual file names or extensions for attachments.

Again, when in doubt, follow your organization?s cybersecurity policy. Thank you.

?