As you may have heard in the news last week, a very serious vulnerability was disclosed in Microsoft Exchange Email servers that are hosted on premise in companies, governments, and organizations around the world. Thankfully, we have migrated to Office 365 and Exchange Online which were not susceptible to this attack. However, with so many Exchange servers around the world being successfully attacked (tens of thousands), we may see an uptick in phishing and other malicious emails from the outside. So we need to be even more vigilant when dealing with external email. If you think you have received a phishing or malicious email, please contact the Help Desk.
In particular, be on the lookout for links to websites that ask you to login with your Windows credentials (we have to be certain that it's legitimate) and for emails asking you to change Wire or ACH money transfers. If there's any doubt at all, please contact the sender through a different form of communication such as the telephone to verify that it is a legitimate message.
In addition, we are currently implementing some new software that will add an additional layer of protection against phishing emails. This will also include a button that will be rolled out in Outlook for easy reporting of suspicious email. This system should go live soon but we will provide an additional communication once it has been placed into service.
Thank you for your help in protecting our City against cyber threats!
For further information, please see these links:
How China’s attack on Microsoft escalated into a “reckless” hacking spree
Microsoft Exchange Server hacks ‘doubling’ every two hours