Header

Sub Navigation

  Close Menu

Article

CYBERSECURITY ALERT

Indiana state government is attacked daily by cyber threats in one form or another. However, there is currently a serious threat requiring us to be extra vigilant. A hacking group known as PhPhax or Cracka has made it known that they are targeting Indiana government. This group’s preferred mode of attack is through social engineering. This means state workers should be especially alert for phishing messages or phishing phone calls. The group is particularly dangerous because they do their homework. They will target any worker but frequently pursue high-ranking officials and positions that have information about employees. Workers should treat all emails, even from those you might typically trust, with care.

While we raise the alert level for this specific threat we should all be reminded to look out for the typical holiday onslaught of phishing attacks as well. Hackers love to take advantage of the holidays and feast on the abundance of opportunities. Hackers realize that between sales advertisements, seasonal electronic cards, cute pictures, and assorted other electronic holiday communications, people may be enticed to let their guard down. Be extremely wary of anything that is too good to be true or sensational.

IOT has a couple of noteworthy email protections in place on the email system that can help you identify these threats. The first is the External Warning Banner. This banner is placed on the top of all email messages coming from an email source outside of the state government. If a message comes to you and it purports to be from someone in your agency, IOT, or another agency, yet it has this red text, it is almost assuredly a phishing message. The other identifier that might help is the word [Bulk] in the subject line. [Bulk] in the subject line does not necessarily indicate the message is malicious. It does mean that a particular message came to a large number of users in the state email system. This is typical of spam and phishing messages.

Over the next few weeks, even more than usual, apply caution and care to email communications. Do so at work for the safety of citizen data and at home to protect your own personal financial circumstances. If you encounter anything of concern or that requires assistance, please notify your manager or the IOT Help Desk http://iot.in.gov/hda or (317) 234-HELP (4357).