<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Thank you for being a part of OneNet’s cybersecurity listserv. Please share our listserv information with those in your organization who can benefit by receiving this information. Just have
them subscribe by sending their request to <a href="mailto:communications@onenet.net">
communications@onenet.net</a> .<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">If you have cybersecurity information to share with the OneNet community, please do not hesitate to post by sending your responses or posts to
<a href="mailto:cybersecurity@lists.onenet.net">cybersecurity@lists.onenet.net</a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-family:"Arial","sans-serif"">The following information is from the MS-ISAC on W-2 phishing scams and Business Email Compromise scams.
<b><u>It is especially important for our K12 schools.</u></b></span></a><b><u><span style="font-family:"Arial","sans-serif""><o:p></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span style="font-family:"Arial","sans-serif""><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Due to the substantial increase in W-2 phishing scams, the number of reported data breaches in the first quarter of 2017 already exceeds 80 percent of the total number of data breaches reported
in 2016. Based on the 2016 pattern, the MS-ISAC expects that this scam will decrease in frequency but continue to occasionally target state, local, tribal and territorial (SLTT) governments after April 2017.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman","serif"">
</span><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">In 2016, the MS-ISAC identified 68 data breaches, seven of which were related to the W-2 phishing scam.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman","serif"">
</span><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">In the first quarter of 2017, the MS-ISAC has already identified 55 data breaches, 37 of which were related to the W-2 phishing scam. Of note, K12 schools accounted for 54 percent of reported
phishing-related data breaches in 2017 to date. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif""> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">The MS-ISAC has identified several other variants of BEC scams targeting SLTT including the variant where the impersonated or compromised senior executive account requests that a wire transfer
be issued. These variants do not result in data breaches, but are worth noting as any training or awareness activities should include the wire transfer variant.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif""> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Key indicators of BEC scams include short poorly written messages purportedly from smartphones, spoofed email addresses, requests made when the executive is out of the office, and unusual requests.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Best,<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:blue">Barbara McCrary</span></i><i><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><br>
</span></i>______________________________________________________________________________________________________________________________________________________________________________________<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>