Security - Fraudulent Email


The IT Department has implemented changes that restrict malicious sources from forging the City's email address otherwise known as email spoofing. What this means is that senders may pose as legitimate City of Round Rock staff members by name but they cannot forge an email address to deliver email. Because of this restriction, there are several indicators that can help staff identify bogus email.

Bogus Email Indicators

  1. The From email address is not from an email however they are attempting to appear as if the sender is a City staff member.
  2. The email has been delivered to your Junk email folder rather than your Inbox. It is true that sometimes legitimate emails are delivered to the Junk folder, however, often these emails are truly random marketing and sales correspondence. More importantly, they are often attempting to trick users into:
    • Clicking malicious links
    • Providing personal/account information
    • Providing items of value such as financial information, changes to bank routing, checks, or even iTunes gift cards.
  3. The IT Department tags every email that is delivered from a non-City email address with the following:

What this tag means is that the email was sent from an external mail source and did not come from an email address. This is a great visual indicator to use extra caution when reading or responding to these correspondence.

Wrapping It Up

Exercise precaution and ask a few questions about the email received.

  1. Am I familiar with the source that sent the email
  2. Was I expecting the request/does the request make sense
  3. Are any of the indicators listed above present
  4. Is there a way for me to validate the request before I proceed with acting on it (can I call the source, for instance, to check that they sent the email)

In instances where you have received a questionable email from a source posing as a City employee and you are unsure, utilize the Global Address List in Outlook or the Staff Directory on EmployeeNet. These sources list official contact information that you can reference to call or send a new email for validation. 

One final option is to contact IT Support staff and ask them to weigh in on the legitimacy of an email. We understand how tricky this can be. We are happy to assist and would prefer extra caution to avoid a security breach.

0 out of 0 found this helpful



Please sign in to leave a comment.