There are going to be times you'll receive “SPAM”/”Phishing” emails in your email Inbox. O365/Outlook normally tries to filter these types of emails, but occasionally some do slip through. This is when you should choose to "block a mail sender" so these types of emails route directly to your junk folder and not your Inbox.


Again just a general rule of thumb, if a sender is unfamiliar to you (the sender's email address is usually a dead giveaway that it's SPAM/Phishing email) or if you get an email that just doesn't feel or seem right, when in doubt throw it out! If you've received a Phishing email, please forward a copy of the email to: 
Phishing@sfgov.org and the City's Cyber Security Team will be notified.


Your REC IT department will never send you an email requesting - confidential information ie. login credentials, email password (without your prior consent strictly for support purposes and you will be contacted by phone and/or in person by REC IT staff if this is necessary), emails that appear to be coming directly from Microsoft and/or SFGov with a link for you to take immediate action, PC warnings emails with a high sense of urgency to immediate action like "your PC is infected pay now to fix the problem", emails that ask you to and state "login with your SFGov email credentials or your Outlook will be deleted", emails that ask for your credit card number, emails that ask for your personal & private information such as your home address, name of your first born, pet's name, social security number, banking account information, etc...


Security Alert:  

Targeted Phishing Campaign 


 

To all City Employees, 

 

The City is currently experiencing a sophisticated email cyberattack. All employees must be extra careful when opening emails from outside the city—look for the yellow banner at the top of the email indiciating an external sender. Be aware that this attack is spoofing City, partner, and vendor email accounts and using subject lines from stolen City emails. 

Please be extra cautious. Malicious emails may appear very legitimate while this attack is ongoing.  As a reminder, below are best practices for defeding against phishing attacks:
 

•Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.  

•Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source. 

•Do not provide sensitive personal information (like usernames and passwords) over email. 

•Watch for email senders that use suspicious or misleading domain names, such as m!cros0ft.com. 

•Inspect link addresses carefully to make sure they’re legitimate and not imposter sites. 

•Do not try to open any shared document that you’re not expecting to receive. 

•If you can’t tell if an email is legitimate or not, please contact your department service desk.  

 

This email has been sent to all CCSF employees. 

 



Click the links below for more info:





<< see SAMPLE of legitimate looking SPAM/Phishing Email below >>