IEMA Announces Phishing Scheme
With Illinois moving more and more to electronic communication, the door is opened wider for phishing and other harmful activities. Earlier this week, the Illinois Emergency Management Agency (IEMA) was notified that many physicians and x-ray machine owners were sent an email regarding “Licencing [sic] Accreditation [sic].” This message was NOT from IEMA. Instead, it was a phishing scheme.
Although proper registration and inspections are required for those with x-ray machines and other nuclear imaging systems, this notification contained several indications that it was not a valid communication: 1) Misspellings in the Subject Line; 2) it came from an email address that was not an Illinois.gov email.
Please disregard that notice.
The Illinois Chiropractic Society spoke with Don Agnew with IEMA on Wednesday, and IEMA has issued the following statement:
The Illinois Emergency Management Agency is aware of a potential phishing email scheme aimed at registrants. Please be advised that messages with the subject line “IEMA Licencing Accreditation Update” appearing to be from IEMA Director James K. Joseph but with a non-illinois.gov email address, are not valid and should not be opened.
We apologize for any inconvenience this may have caused and want to assure you we are actively investigating this matter with the Illinois Department of Innovation and Technology. Should you have any questions or are unsure about any emails, please contact Don Agnew (217.785.9975; Don.Agnew@illinois.gov) or me.
Adnan G. Khayyat, Chief
Bureau of Radiation Safety
Illinois Emergency Management Agency
Phishing is a type of identity theft, where a hacker pretends they are someone else. By utilizing personal information, such as names and titles, they attempt to gain access to private information, con money, or perform other illegal, malicious activities.
Quick tips to help detect and prevent phishing scams (this list is not exhaustive):
- If an email is asking for confidential information, you can contact the actual company or state agency by other means. In other words, go to the state agency website directly from information that you already have and did not obtain in the email you received. For example, you could go to www.idfpr.com directly for the Illinois Department of Financial and Professional Regulation.
- Do not allow scare tactics to cause you to release information that would not normally release. You may always demand that requests be made in writing on company or department letterhead.
- Generalized and generic requests are more suspect.
- Never submit information through forms embedded in emails. Entries made through these types of forms are not normally secure.
- Do not click on links within an email. Instead, type in the URL directly into your browser. Also, (see 1) verify the URL is accurate (i.e. www.idofapr.com is not the same as www.idfpr.com).
- Misspellings and poor grammar are key indicators of phishing schemes.
- Keep your virus software up-to-date.
For those concerned about your notification from IDFPR regarding your license renewal, that is probably not a scam. Your license expires at the end of July 2017. Please visit www.idfpr.com/Renewals/defaultSSL.asp to get started today.