It is bad enough when you receive marketing junk mail, but when it appears to be from the Nevada Department of Employment, Training and Rehabilitation, it is even more concerning. The DETR have announced it has been victim to an email phishing scam which has targeted employees, by sending out unsolicited emails asking for a reply. It was reported by News3lv that the goal was to collect personal data to be used for fraud purposes.
The emails came from a “Non official address” such as firstname.lastname@example.org, no one should reply or if possible open the email.
The email starts off by sending notice of bring from the Nevada Department of Employment, Training and Rehabilitation and as a security measure regarding a recent upgrade there are issues with emails.
It then asks the recipient to reply of acknowledgement and wait further instructions.
Of course should a recipient reply to the email, some sort of instructions would be sent to obtain data or personal information to be used for fraud purposes.
So What Exactly is Phishing?
It can be described as a cyber attack using email addresses that look official, to gain the trust of the individual and reply with valuable data. These attacks can sometimes be programmed via a bot, that locates the email addresses within a corporation, then sends our emails form that server. Or emails can be disguised to look like coming from that official company.
Most email client software can recognise when email has been sent in bulk form and can send it into junk mail or even automatically delete it. But if it arrives from a “known server”, then it is more likely to get through.
Official Email Marketing Campaigns
A legal campaign, should only happen from an “opt in” option. In better words the receiver has agreed to accept email from this company by ticking a box, or completing a form. Most email digital market campaigns will come from legitimate addresses pre agreed.
However, receiving mail from an employer is different, and it is assumed that employees will accept and open emails sent to them, so is a good target for cyber crime.