09/08/25 Email

 

Hi Team,

 

Scammers are always looking for new ways to trick people. Here are a few quick tips to help you stay safe:

🚩 Watch Out for These Scams

• Fake emails or calls pretending to be banks, the government, or IT asking for urgent action.
• Requests for unusual payments like gift cards, wire transfers, Zelle, or crypto.
• “Too good to be true” deals or strangers asking you to send money back after an “accidental payment.”

✉️ Spot Phishing Fast

• Check for typos, odd language, or email addresses that look slightly off.
• Don’t click unexpected links or open suspicious attachments.
• When in doubt, verify through a trusted phone number or website.

🛡️ Protect Yourself & Goodwill

• Never share passwords, gift card codes, or account info over email/text.
• Use strong passwords and enable MFA wherever possible.
• If you get a suspicious email, forward it to IT at [email protected] right away.

🔗 Helpful Resources:

• FBI – Common Scams & Crimes
• Chase Security Center
• NSA Cybersecurity Advisories
• Goodwill IT Security Articles

 

Stay alert and cautious, your awareness is one of our best defenses.

 

 

04/11/25 Email

 

 

📘 🚨   🚨 📘

 

The IT Team wants to bring to your attention a growing cybersecurity concern affecting organizations across Europe: an increase of targeted attacks by a threat group known as Scattered Spider.

📌 What You Need to Know

1. Scattered Spider Threat Group

• Scattered Spider is a sophisticated cybercriminal group known for social engineering tactics and targeting employees through SMS phishing (“smishing”) and phone-based scams (“vishing”).
• They have been active in Europe, compromising corporate networks by gaining access to credentials and escalating privileges to execute ransomware attacks or data theft.

🚨 How to Stay Safe

• Think before you click. Do not open unexpected attachments or click on suspicious links.
• Verify requests. If an email or message asks for sensitive information, confirm it through a known and trusted channel.
• Report incidents immediately. If you suspect a phishing or social engineering attempt, contact the IT/security team right away.
• Use strong, unique passwords. Enable multi-factor authentication (MFA) wherever possible.

📘 Learn More

We recommend staying informed by reading [internal security bulletins] or attending one of our upcoming cybersecurity awareness sessions (details to follow).

Your vigilance is key to protecting our organization from cyber threats. Thank you for staying alert and practicing good security hygiene.

 

 

📘 Best Practices for Internet Security & Phishing Awareness

🎯 Purpose

To educate and guide users on identifying phishing threats, staying secure online, and applying leading cybersecurity protocols — including recommended practices from the NSA (National Security Agency) and other credible institutions.

 

🛡️ GENERAL INTERNET SECURITY BEST PRACTICES

🔐 Password Hygiene

• Use long, complex, and unique passwords for each account.
• Enable multi-factor authentication (MFA) wherever possible.
• Use a reputable password manager to store and generate secure credentials.

🌐 Safe Browsing Tips

• Only visit HTTPS-secured websites.
• Be cautious with pop-ups and fake "support" pages.
• Never download files or software from unknown sources.

📥 Software & System Updates

• Regularly update operating systems, browsers, and antivirus tools.
• Enable automatic updates for critical software.
• Remove unused applications and browser extensions.

 

🧑‍💻 PHISHING AWARENESS

🎣 What is Phishing?

Phishing is a form of cyberattack where criminals impersonate legitimate entities to steal sensitive information — such as login credentials, banking info, or personal details.

🚩 How to Spot a Phishing Email or Message

• Sender's address is slightly off (e.g., [email protected])
• Spelling and grammar mistakes
• Urgent language (“Your account will be closed!”)
• Suspicious links (hover to preview before clicking)
• Unexpected attachments or payment requests

 

📱 COMMON SPAM TEXT SCAMS

Here are examples of spam text messages to watch for:

 

🚨 Example 1: Fake Toll Service Scam

“EZ-Toll Notice: Your unpaid toll of $12.48 has been reported. Pay immediately at www.tollclearance-now.com to avoid fines.”

🚫 Tip: Legitimate toll agencies don’t send texts like this with links. Always verify via the official state toll site.

 

🚨 Example 2: Fake Package Delivery

“FedEx: Your package couldn’t be delivered. Click here to reschedule: fedex-updateinfo.com”

🚫 Tip: Never click unsolicited links. Go to the official website and input your tracking number.

 

🚨 Example 3: Bank Alert Scam

“Chase Alert: Unusual activity detected. Verify your identity at chaseverifynow.com”

🚫 Tip: Banks do not ask for info via text or email links. Contact them through the official app or website.

 

🔒 NSA-RECOMMENDED SECURITY PRACTICES

The NSA publishes regular guidance to help protect both government and civilian users. Key recommendations include:

✅ Mobile Device Best Practices

• Turn off Bluetooth and Wi-Fi when not in use.
• Don’t connect to public charging stations (use data-blocking cables).
• Use mobile device management (MDM) in organizations.

✅ Secure Communications

• Use end-to-end encrypted messaging apps (like Signal).
• Avoid discussing sensitive topics on untrusted platforms.
• Be cautious with metadata — even encrypted content can leak context.

✅ Network & Device Hardening

• Use VPNs to encrypt traffic on public networks.
• Disable unused ports/services on devices.
• Apply zero trust principles — no device/user is automatically trusted.

You can read the latest NSA Cybersecurity Advisories here.

 

📎 QUICK CHECKLIST FOR USERS

✅ Don’t click suspicious links or attachments
✅ Use MFA everywhere possible
✅ Keep software and systems updated
✅ Don’t share sensitive info via email or text
✅ Use a VPN on public Wi-Fi
✅ Be skeptical of unexpected messages with urgency
✅ Report phishing emails or texts to your IT team or service provider

 

🆘 What To Do If You’re a Victim

1. Disconnect from the internet
2. Change passwords immediately from a secure device
3. Notify your bank or credit card provider
4. Scan your device for malware
5. Report phishing attempts to:
   • Contact the IT Team: Call 302-504-1739 or Email, [email protected]
   • Submit a Help Desk Ticket: Login - Goodwill Delaware Help Desk