In July, the U.S. General Services Administration (GSA) removed Kaspersky Lab from its list of approved vendors for information technology products and services out of concerns that the Russian company might be used by the Russian government to exploit or attack American computer networks. In September, the U.S. Department of Homeland Security issued a directive, following an investigation into the matter, which called for all Executive Branch agencies to cease using Kaspersky Lab products and services; considering the fact that Russian law allows for Russian intelligence agencies to compel assistance from Russian companies to “intercept communications transiting Russian networks…” On Monday, the U.S. Senate voted to remove all Kaspersky Lab products from U.S. government systems within 90 days, as part of the “FY-18 National Defense Authorization Act (NDAA)”.

The North American Electric Reliability Corporation (NERC) is about to issue an official alert to all electric service providers about Kaspersky Lab products and services. Other regulatory entities for other industries managing critical infrastructure throughout the U.S. will soon follow. It is the official IAMU position that our members begin to develop plans to phase out all Kaspersky Lab products and replace them with American equivalents as soon as possible.

If you have any questions, please contact Russell Saffell, Director of Member Security and Critical Infrastructure Protection at rsaffell@iamu.org or by phone at (515) 289-1999. Thank you for your continued efforts to provide and protect municipal utility services in Iowa.

It has come to IAMU’s attention that some members may be receiving phishing emails that appear as if they are coming from IAMU. The emails in question include alleged invoices. IAMU is investigating the origination of the phishing emails. IAMU will keep you up-to-date on this issue as we have more information to share. IAMU is working diligently to ensure continued safe electronic communication with its members. IAMU is also in the process of adding a Security & Preparedness resource page to our website where members can log in to access resources to help better prepare your organizations from physical and cyber security threats as well as other potential natural or man-made disasters.  

If you have received a suspicious email that appears to be from IAMU, please contact Russ Saffell, IAMU Director of Member Security and Critical Infrastructure Protection

rsaffell@iamu.org or by phone at Office: (515) 289-1999, Cell: (515) 971-2653.

Here are some tips for identifying other suspicious email:

Tip 1: Don’t trust the display name

A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Return Path analyzed more than 760,000 email threats targeting 40 of the world’s largest brands and found that nearly half of all email threats spoofed the brand in the display name.

Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:

Since My Bank doesn’t own the domain “secure.com,” DMARC will not block this email on My Bank’s behalf, even if My Bank has set their DMARC policy for mybank.com to reject messages that fail to authenticate. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if looks suspicious, don’t open the email.

Tip 2: Look but don’t click

Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.

Tip 3: Check for spelling mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 4: Analyze the salutation

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

Tip 5: Don’t give up personal information

Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

Tip 6: Beware of urgent or threatening language in the subject line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Tip 7: Review the signature

Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

Tip 8: Don’t click on attachments

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Tip 9: Don’t trust the header from email address

Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from email address with more than two thirds spoofing the brand in the email domain alone.

Tip 10: Don’t believe everything you see

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

Iowa Homeland Security and Emergency Management (HSEMD) and the Iowa Office of the Chief Information Officer (OCIO), have released a notice concerning Kaspersky Lab security products.

Please read the notice here.