In the last 36 hours we've seen a number of reports of a phishing attack under the guise of a Fed-X delivery notification, The messages are particularly concerning since they appear to contain the recipient SSN and phone number. This tends to make the recipient believe the email is genuine. CORSA members are advised to notify all member computer users to be on guard for the new attack and remind everyone of the ongoing critical level of cyber-attacks overall. Recommendations include: * Initial Training of all new employees on cyber security * On-going refresher cyber training for all employees who access the internet on any kind of device * Updated, properly configured security software and firewalls on all member equipment * Cyber security policy adoption and implementation member wide. CORSA University provides easy, no cost training, including cyber, to all member employees, CORSA university can be accessed at: https://www.localgovu.com/products/learn/?t=corsa The CORSA model Cyber Policy and Best Practices can be accessed and downloaded at the CORSA website: http://www.corsa.org/ For more detailed information CORSA members also have access at no cost to eRiskHub: https://eriskhub.com/ This site contain a wealth of constantly updated cyber security information. For specific information on Phishing attacks I am attaching guidance from US-CERT, United States Computer Readiness Team, Department of Homeland Security https://www.us-cert.gov/ James Hale, ARM-P, ARM-E, CPSI Risk Control Consultant County Risk Sharing Authority 209 East State Street Columbus, OH 43215 614.246.1630 FAX 614.220.0209 " The leader in providing Ohio Counties with exceptional value, service, and protection of assets." CONFIDENTIALITY NOTICE: This e-mail message (including any attachments) is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy this message and all attachments.