• Increase font size
  • Decrease font size
  • Print
  • RSS
  • Information Technology Department (ITD) conducts phishing awareness campaign

    Notice anything 'phishy' in your inbox lately? In recent months government enterprises have seen a rise in the volume and sophistication of phishing emails - emails designed to deceive you into installing malware, providing sensitive information, or even wiring money to a hacker's account. To help combat this threat, Pima County ITD has partnered with a world-class security company to develop and run a phishing awareness program. 
     

    What did we do?

    Stop handThis is part of a state-wide initiative, with approval from County leadership, to replace the in-house tools and smaller campaigns previously developed and executed for this purpose. Using the new vendor-provided solution, ITD conducted a simulated phishing campaign in September as part of a county-wide baseline test, to assess the current state of phishing awareness across Pima County. The campaign was designed to target Pima County employees with carefully selected emails which were designed to appear like legitimate communications but which, when examined carefully, could be seen to be fraudulent. Anyone who clicked on the links or attachments were directed to a window explaining the nature of the email, and showing any warning signs they might have missed. 

    Why did we do it?

    Phishing emails are frequently the first phase of a cyber-attack, and are used to install malware or steal sensitive information. Often attacks like these can evade security systems and remain undetected for weeks, or even months, when resulting additional compromise results in a full-scale ransomware or other attack.

    For this reason, user awareness provides a crucial first layer of defense in preventing potentially crippling attacks on our network. The phishing campaign was designed to measure how well users could recognize the warning signs in a fraudulent email and avoid the possibility of allowing malicious actors into our network.


    What did we find out?

    Authorize warningITD was pleased to learn that 90% of Pima County users were not misled by simulated phishing emails which were designed to appear quite authentic. According to vendors in the industry, Pima performed 15% better than the average for a government enterprise of our size. While this is great news, phishing campaigns are rapidly advancing in sophistication and the appearance of authenticity.
     

    What can you expect going forward?

    ITD will continue to conduct periodic phishing campaigns in the future. In addition to this, ITD and HR will be collaborating on a training program to increase user awareness of phishing and other email-based fraud. In the meantime, remember to think before you click! If an email doesn’t look right or you don’t recognize the sender, always proceed with caution.

    As with well-known attacks, such as Emotet, a phishing email could even be a response to a legitimate email from someone you know. Look carefully at any link or attachment before you open it. Be doubly careful before you enter your username and password on any sign-in page that you open from an email, or before replying to an email requesting payment or sensitive information.

    When in doubt, you may always contact the Network Operations Center (NOC) at 520-724-8471 if you think an email may be suspicious.
    Follow UsShare this page

    Communications Office

    130 W. Congress
    Tucson, AZ 85701

    (520) 724-9999

    Monday - Friday 8 a.m. - noon and 1 - 5 p.m., except on holidays.


    Department Home Page
    Department News
    Department Feedback Form
    Subscribe to Pima County FYI Newsletter
    Volunteer with Pima County