Cybersecurity - UNION COUNTY

Cybersecurity

Jason Fouts — Tue, 05 May 2026 21:05:15 +0000

Staying safe online

Please use the links on the left for important tips on staying safe online.

It is important to always hover and identify all links before clicking. You must however, know How To Read a URL in order to properly identify the link. Hovering is the practice of hovering your mouse over a link without clicking. Doing so will display the actual link destination addres for verication. Hovering without a mouse, such as on a mobile device works a little different and can be a little tricky. It is best to save any hover work for a device that does have a mouse.

Malicious emails are one of the most effective methods for causing havoc. See our Spam Identification section for important tips on recognizing them.

Always use the Email Best Practices when sending or verifying messages.

Hover Example

The post Cybersecurity first appeared on UNION COUNTY.

Spam Identification

Jason Fouts — Tue, 05 May 2026 20:01:29 +0000

While there are many spamming methods, there are two main types of spam which are Advertising and Malicious.

Advertising Spam

Advertising spam can be extremely irritating by filling up your inbox on a daily basis, but usually the messages are in fact from legitimate companies that you have unknowingly subscribed to. Often these messages begin when you order something online from a legitimate company. During the order process there is usually an inconspicuous checkbox that says something to the effect of ‘Please send me notices about news & special offers’. Unless you want to receive those potentially annoying messages, you will need to hunt this checkbox down and uncheck it. Not so surprisingly, once you are on a company’s mailing list, your information is often also shared with any of its partner agencies such as advertising firms & sub-companies. Soon thereafter you end up with an inbox full of ads from multiple companies who also share your information. Most of the spam that makes it to your inbox is advertising from legitimate companies.

The good news about legitimate Advertising spam is that it is usually painless to stop. Any legitimate company should include in its message a method to Unsubscribe. Sometimes it may be a link, other times it may be an email message sent to a certain address. The Unsubscribe options that are included in messages from legitimate companies are safe to use, and usually the messages stop within a day or two, but sometimes as long as a week.

Occasionally you may see an advertising message make it to your inbox which is not from a legitimate company. These are usually easily recognizable and offering a amazing deal on something you may have little interest in. You would not want to use any Unsubscribe methods on a message that is not from a legitimate company.

Legitimate companies can also be faked. Paypal, Amazon, Fed-Ex, and banks are among the frequently faked companies. One method for identifying fakes is by paying attention to the address that pops up when you hover the mouse over a link. If your message includes the real looking Paypal logo hover over the link without clicking and look for an address in the form of https://paypal.com/recentorders. If the link shows something completely different like http://sendusyourmoney.cn/orelse , or perhaps a misspelling such as https://payapal.com/please/and/thank/you then there is a good chance that it is a fake. Of course you would not want to try to Unsubscribe from one of these fakes either.

Any messages that slip through the filters that are not from a legitimate company should be forwarded ‘as attachment’ to your IT department.

Any spam that continues to come in from a legitimate company after a week from using their Unsubscribe method should be forwarded to your IT department so that they can blacklist them for not playing nice.

Advertising spam review:

All legitimate companies should include an Unsubscribe method which is safe to use.
Not all messages with an Unsubscribe method are from legitimate companies.
Watch out for fakes of legitimate companies.
Use the hover method on links for proper identification prior to clicking.

Malicious Spam

Most of the malicious type spam is filtered out before it makes it to your inbox. For this reason, the ones that do make it through can be difficult to identify. To be safe you will need to be able to recognize the main types of malicious spam which are spoofing, phishing, and malware.

Spoofing

Email spoofing is the practice of forging an email. One of the reasons that email should never be considered secure is because anyone can easily use literally any name and address they like in the ‘From:’ field. With so much of our information out on the web and social media, it is not difficult for spammers obtain the information needed to run a successful spoofing scam.

Example & Prevention

Imagine receiving the following email from your sister Sally back East who checks in regularly on your dad who is in a nursing home.

From: Sally Smith(sally.smith@verizoneast.com)

To: Sammy Smith(sammy.smith@verizonwest.com)

omg help! we need to pay dads nursing home bill before the end of day or they will move him back over to south wing!!!!. they need 5000. I only have 3500 of it until next friday. please can you wire over the remaining 1500 and I will pay you back next week

BankAmerica

acct# 5555-5555-5555-5555

route# 4444-44444

let me know as soon as it is done

i will call you tonight to explain everything

The scary thing about this is that the bad guys can get all the information needed to pull off a scam like this from free online sources such as Facebook & Google. To prove the point, next time you are on your home computer, try doing a search for “Happy Birthday” on Facebook. Pick a random birthday wish with many shares, and then pick a random person that shared the wish with a sibling, parent, or child. Once you have found a family whose pages are open to the public, take a look at how much you can learn about their family just by scouring their social media pages, and doing a few Google searches.

Using your best practices checklist would help to identify a forged message such as this. If Sally and Sammy had made it routine practice to simply include the same signature every time, a message like this would never be convincing. The lack of proper grammar would be the next tip off, and lastly the urgency of the message.

Phishing

Email phishing is practice of tricking their victims into providing information. This information can then be saved for later and used for things such accessing your online bank accounts, identity theft, and other fraud. Phishing and spoofing often are used together in order create an even more authentic look.

Example & Prevention

One common phishing attack involves setting up a fake site that looks identical to your banks official website. They then send you an official looking email warning you of suspicious activity and asking you to login and verify that your accounts look normal. They also include a convenient link that takes you to their fake site. Once you land on their fake site and attempt to login as you normally would, they warn you to double check the password entered then redirect you over to the official website. In doing this, they have obtained your bank login credentials, and since you are now logged into your bank where you can see your accounts, you are convinced that the message was legit, and all is well.

Using your best practices checklist would help to identify the phishing scam by hovering over the links and verifying the address before clicking. When it comes to sites that require a login, such as banks, don’t use links from the email instead find it in your favorites, or memorize the address. Also be very careful not to mistype web addresses as this will often lead you to a faked phishing site.

Malware

Malware spam seldom makes it to the users inbox these days, but it does still happen. Spammers can send a file attachment that appears to be a normal file, but includes a virus, worm, or Trojan. Often these files are simply a Microsoft Word or Excel document with malicious macros. Messages with malware are usually very informal and provide very little information about the attachment. They often include horrible grammar and many misspellings. Malware spam can be easily identified by using your best practices checklist.

If an attachment ever pops up with a prompt asking you to ‘allow’ an activity or macro, the correct answer is to ‘not allow’, then forward the message to your IT department for closer examination if you believe it may be legitimate.

Summary

Malicious spam can be very costly to an organization. Costs can involve significant amounts of money in addition to critical data loss. Spam cannot be completely prevented therefore the best defense we have is to educate ourselves on its identification.

Memorize the best practices checklist and apply it to all incoming and outgoing messages.
Advertising spam is mostly harmless and can usually be prevented.
Learn to recognize the different types of malicious spam and handle them accordingly.
It is better to be safe than sorry. If you receive a questionable message forward it on to your IT department to be examined.

Best Practices Checklist

Subject line is appropriate
Proper opening salutation
Proper grammar used
No spelling errors
Description of, or reasoning for attachments/links
Signature including contact information
Hover over links to verify authenticity before clicking

The post Spam Identification first appeared on UNION COUNTY.

Email Best Practices

Jason Fouts — Tue, 05 May 2026 19:18:21 +0000

It is essential to understand, use, and expect some basic email best practices in order to prevent the costly mistake of interacting with spam. Using these practices helps to create a safe email environment for both the sender and receiver.

Do not skip the formalities

It is easy to get into the habit of skipping formalities especially with those whom you email regularly. This can be extremely dangerous. Anyone with a desire and a quick google search can create a fake ‘From:’ name and email address. Doing so can make an email look like it is coming from someone familiar to the recipient. Using all of the formalities on a regular basis helps others to identify that you are actually who you say you are.

Use a descriptive yet brief subject line.
Open the message with a proper salutation addressing the person(s) you are sending to even if it is something as simple as “Hi Fred”. When sending to a group of people, if possible try to address everyone in the group with something such as “Good Morning Chamber of Commerce Members”.
When sending an attachment or link, describe what it is for with something such as “Here is the requested deed for Ref#12345”, or “Here is the link to access our official website https://unioncountyor.gov”
Use a standard signature. The signature should include your name, title, and contact information

Etiquette

Use proper grammar.
Avoid misspelling with spell check and proof reading.
If sending a message using a mobile device add a line such as ‘Sent from my mobile’ to the top of your signature. While doing so does not excuse poor grammar or spelling, it does let the recipient know that there is more of a potential for mistakes.
Avoid jargon such as ‘lol dude cu later’.
Keep the message professional.
Reply to all legitimate emails, even if it’s just a simple ‘Thank you’, or ‘I will be working on this next week’. This confirms to the sender that not only did you receive that message, but you read it as well. It is also just polite, so that sender does not need to wait and wonder if the message was delivered.
Let the recipient know the purpose of your email. Do not assume that a phone conversation last week means that they have been on the edge of their seat awaiting your email.
Do not send email urging an immediate response. Email should not be relied on for urgent issues, and immediate response requests are one of the red flags for identifying malicious spam.

Is all of this really necessary?

Yes! Following these best practices helps us to identify each other by more than just an email address. Just as you can learn to tell who is talking behind you by the tone of their voice, you can learn to identify fake senders by the email’s content and the way it is worded. Spammers are typically laidback when it comes to professional details. While they may get your name right, and possibly some of the other formalities, it is unlikely that they will get everything right. It is this laid-back practice that helps us to identify spammers.

Best Practices Checklist

Subject line is appropriate
Proper opening salutation
Proper grammar used
No spelling errors
Description of, or reasoning for attachments/links
Signature including contact information
Hover over links to verify authenticity before clicking

This list should be applied to all outgoing messages, and also be used to help identify the authenticity of any incoming messages.

With every missing checkmark on your list, your suspicion level about the message authenticity should rise.

The post Email Best Practices first appeared on UNION COUNTY.

How to read a URL

Jason Fouts — Tue, 05 May 2026 19:02:46 +0000

How to Read a URL (Uniform Resource Locator)

The most relevant information, the domain sits between the first sets of slashes.

Specifically, the last period in the space between the first sets of slashes will be surrounded by two strings, such as amazon.com or union-county.org or google.com. This is the domain which is the actual site you are visiting.

It is important to be able to identify what domain you are in, as deceptive emails will send you to places that look like trusted domains, but are actually phishing sites.

The post How to read a URL first appeared on UNION COUNTY.