Wednesday, December 06, 2017

What does an official notification look like?

As I've read about what went on during the 2016 Election and recently about data breaches, the term 'notice from officials' is thrown about. So a public official (a Senator or Member of Congress) is the target of a hacker, entities within the US Gov't know this and then notify that individual. But what does that notification look like? What is an official channel? And just as importantly, how does the US Gov't notify a business or private entity (let's say a campaign)?

Day after day we see dozens of "official notices" that turn out to be spam or worse, phishing attacks. So how do you tell the difference between what is real and what is a "fake" notice and a spear phishing attack? How does the US Gov't notify an entity that they are the target of an attack, via an email? How about a phone call where the Caller ID shows as unidentified. Does it take a person with an FBI badge showing up to your office and telling you that your company has been targeted for an attack? The next question to ask is, once notified, does that information become public? If you've been hacked and there's been a data breach the first thought of the company might be they have to keep it quiet. But if it was the FBI, DHS or some other three-letter-agency that informed you of the breach, does news about the breach get out to the public?

I'll ask the question again, what does an official notification look like?

- Rob

No comments: