A blog for GovDelivery Clients
Header

By the GovDelivery Security Team

As a government communicator, you know your organization is constantly in the spotlight, and a phishing scam causes one fire you hope you never have to put out.  But when you operate with a high profile, you’re much more likely to become a target for phishers and spoofers. Here are a few tips on how you can prepare.

 What is spoofing and phishing?

  • Spoofing is when an unidentified sender attempts to send an email from your domain (or a similar domain) in order to trick unsuspecting recipients into doing something they might not normally do, such as opening an attachment or downloading a file.  Spoofers typically choose a sending domain similar to the target organization. For example, if the domain is state@agency.gov, spoofers might use state@agency.2.gov or state@agency.agency.gov.
  • Phishing is an attack where a sender tries to trick the recipients into giving up sensitive information, oftentimes resulting in financial gain for the sender. Phishing uses spoofing, as the sender attempts to send from your domain in order to collect information.

These aren’t technical attacks, but are known in the industry as social engineering attacks. Instead of trying to hack into your computer to get the information they want, hackers who use social engineering bypass technology controls and instead rely on the weakness of the users to simply provide that information directly. And unlike technical attacks, they’re far more difficult to protect against.

Government organizations send thousands of digital messages a week, making it a breeding ground for phishers and spoofers to take their domain, voice and email design in order to replicate a malicious message for the public.

Recent examples of spoofing and phishing in the public sector

The Ministry of Justice in the UK was the most recent target of spoofing.  Spoofers sent victims an email that appeared to come from the police department asking for the collection of parking fine payments. These emails instructed the recipients to download an attachment, claiming it was a form that required more information.

uk

The emails had been spoofed to make it appear as though they had been sent from the domain justice.gov.uk. The Ministry of Justice was able to quickly quell the situation by bringing awareness to the public. They got the word out through press releases in the local media, email communications and updates on their website.

With tax season coming up, one popular form of phishing is for unidentified senders to leverage phony Internal Revenue Service (IRS) forms to collect data. Attackers might craft emails that appear to come from IRS.gov and request unsuspecting victims to fill in attached forms and fax them to a given number. This year, phishers have been using phone calls and emails in the State of Indiana, posing as IRS agents in order to target unsuspecting victims to trick them into giving out personal information.

How does GovDelivery help?

At GovDelivery, successful delivery of public sector messages to massive groups of people is our business. Public sector organizations send billions of messages per year using the GovDelivery Communications Cloud, and because we only send on behalf of government organizations, we have the best deliverability rates in the industry (98% of emails sent through GovDelivery are successfully delivered to recipients). Spoofing or phishing messages typically don’t reach the inbox, since they are sent from a phony domain. It’s less likely that your audience will even see a spoofed email, since these often land in the Junk or SPAM folders. Knowing that messages sent through GovDelivery reach the end recipient helps your audience better determine that your emails are legitimate (and spoofed messages aren’t).

In many cases, GovDelivery is also able to handle the technical side of email spoofing or phishing attacks, since we might notice an attack before our clients do. Fraudsters will often send high volumes of phishing emails at once, so we are able to monitor and detect any unusual activity around GovDelivery domains (such as an influx of replies or inquiries to our GovDelivery Subscriber Help Center) and immediately alert the impacted organization.

Even though smaller attacks may go unnoticed, some ISPs or recipients may also reach out and send an email to abuse@govdelivery.com or postmaster@govdelivery.com as well, at which point we’ll evaluate and alert the impacted organization.

However, if fraudulent senders attempt to spoof your organization’s domain without using the GovDelivery name, we may not be able to catch those incidents since we won’t have visibility into how the domain is being used.

HMRC

What can your organization do?

While it may seem tempting to sweep a phishing attack under the rug, offering resources and open communication to your audience is the best way to reduce the amount of people who will fall prey to a phisher or spoofer.

  1. A phishing or spoofing attack can quickly become a PR issue. Many organizations choose to get the word out immediately during or after an attack with website, email and text updates, similar to the Ministry of Justice. By bringing awareness to the public, organizations can reduce the likelihood that others will fall for to the attack
  2. As a proactive measure, GovDelivery recommends providing resources and information on your website, giving your audience a place to validate any questionable emails they receive. It’s always a good idea to remind your audience that you will never ask for sensitive personal information through email, such as a bank account or social security number. Here is a great example from HM Revenue and Customs in the UK.
  3. For more in-depth preparation and damage control tips, check out this comprehensive article from CSO Data Protection, “Phishing: the Basics”.

Remember, no organization is impervious to phishing or spoofing, but they can prepare themselves should the unfortunate situation occur. For more information on how to protect yourself, check out the U.S. Securities and Exchange Commission’s article, “Phishing” Fraud: How to avoid getting fried by phony phisherman”.

 

In the public sector, email is an essential component of any best-in-breed communications strategy. With the steady increase in worldwide smartphone usage, email has become the fastest and most efficient way to reach people wherever they are. And because email offers a direct and personalized connection to your stakeholders, it’s imperative that you send email and that your email gets read. However, with advances in technology occurring every day, the world of email is dynamic and ever changing. When it comes to rules for reaching the inbox, no two email clients are the same.

Google’s popular email client, Gmail, recently began a roll out of their new inbox design which changes the way emails are organized and viewed. The new design automatically filters all emails, including those from the public sector, into four default inbox “tabs”: Primary, Social, Promotions and Updates.

newinbox

This change has some public and private sector digital communicators up in arms. Why? Many worry that this change creates default inbox categories that email users may not explore. The perception is that if content lands in one of these new tabs, it will decrease opens, clicks, and overall subscriber engagement. At GovDelivery, we simply aren’t finding this to be the case. Engagement rates have not changed significantly and there are even some benefits that come with the newly organized Gmail inbox. So fear not! We have everything you need to know about the new changes at Gmail.

What do the tabs mean? According to Gmail, the Primary tab contains person-to-person conversations and messages that don’t appear in other tabs. The Promotions tab holds deals, offers and other marketing emails. Messages from social networks, media-sharing sights, dating services, and other social websites will be filtered into the Social tab. The Updates tab contains personal, auto-generated updates including confirmations, receipts, bills and statements. Any messages from online groups, discussion boards and mailing lists should arrive in the Updates tab. The Updates and Forums tabs typically aren’t enabled by default.

newtabs

Are the tabs configurable? Yes! Gmail users can turn these tabs off if they prefer the classic inbox view. They can also customize their tab setup based on how they prefer to organize their inbox. Gmail provides detailed instructions around how to do that here.

Users still have the option to “star” their messages. Stars let users easily mark certain messages as important or to indicate that they need to reply to them later. With the new inbox, any “starred” messages are automatically moved to the Primary tab. This feature can also be configured and turned off.

Apptabs

 

What about mobile? With more and more email people reading email on their mobile device each day, it’s important to look at how the new tabs change the mobile viewing experience. According to a study conducted by email testing and tracking company Litmus, only 19% of Gmail opens actually occur in Gmail on a desktop computer. A whopping 66% of Gmail opens are occurring on mobile devices.

However, the number one email client for Gmail users is the iPhone’s built-in mail client, accounting for 34% of all Gmail opens. Interestingly, the iPhone’s native email application does not support Gmail tabs, so there is no impact here.

While Android phones and the Gmail app for iPhone do support the new tabs, this makes up a smaller percentage of opens (20%, according to Litmus).

Inbox tab organization isn’t new. Add-ons and applications like Priority Inbox and Clean Sweep have been offering sorting and organization functionalities to email users for years. While new filtering options like these can affect how your Gmail users receive and interact with your emails, these new tabs make it easier for readers to find your messages. Instead of being pushed to the second or third page of the Gmail inbox behind Facebook or Twitter notifications, marketing promotions, etc. your emails may have their own placement at the top of the Updates tab.

As Gmail tabs become more widely adopted, users will inherently know where to go to find your messages.

What’s next? As your partners in communications, GovDelivery watches deliverability for our clients closely. As we mentioned earlier, government organizations that send email to stakeholders through GovDelivery have not experienced a noticeable decrease in engagement across the board, and we are always working behind the scenes to ensure optimal delivery of your bulletins.

While it’s not necessary, or recommended, to take any action to bypass Gmail’s new filtering, there are a few things we’ve seen email industry communicators do to be proactive in making sure their emails are getting read:

  • To increase the likelihood of your communications landing in the Primary folder, increase your readers’ engagement with your messages as much as possible. Include smaller bits of information that require readers to click through to page on your website to read the rest of your message. This will also increase your website traffic and allow you to connect stakeholders to additional information you offer that they may not know about.
  • Remind subscribers to update their Gmail preferences so that you as a sender always appear in a specific tab (directions here https://support.google.com/mail/answer/186534?hl=en). Many companies in the private sector have been doing this for quite some time. Here are a few examples:

examples

  • You can also do nothing at all! Ending up in another folder, like Updates, isn’t necessarily a bad thing. Arriving in a separate tab means your emails will land among less competition. This means less chance of mass-deletion and a higher chance of grabbing your audience’s attention.

While Gmail is the first email client to implement tabs on their users’ behalf, it’s important to watch and see if Yahoo and Outlook (formerly Hotmail) mimic Gmail’s new inbox platform.

For more information on this change to Gmail, check out their recent blog post: http://gmailblog.blogspot.com/2013/05/a-new-inbox-that-puts-you-back-in.html

Emergency communications is a critical process to get right. It literally is the difference in saving more lives when a disaster strikes. So, what exactly is the one-two punch needed to be truly effective when communicating with the publicRed boxing glove concertina on white background during emergencies?

Maximum outreach plus multichannel distribution. This combination is an absolute necessity for today’s emergency communicators to be truly effective.

In my other recent posts on emergency notifications, I mentioned how reaching the maximum number of people during emergencies can help to save a lot more lives. Maximum reach needs to be a main goal for all government organizations, particularly Offices of Emergency Management. Just having a large list of subscribers doesn’t allow you to rest on your laurels. You have to actually be able to reach them when you need to. That’s why it’s critical that you use a multichannel approach when sending emergency notifications.

Think about all of the communication tools we use. Between the multiple email addresses (work, personal, etc.), mobile phone for voice and text messages, various social media profiles, and home landline phone, the number of communication channels goes on and on. This is why it’s critical for you to use multichannel distribution during an emergency. When an emergency hits, you need to use multiple channels to ensure that people get the information they need in order to take necessary precautions. Bottom line: by sending out emergency notifications through multiple channels, you are much more likely to reach them.

Many government organizations are still using a system in which they are relying solely on a landline channel to try to get a hold of people in emergencies. The problem with this approach is that a lot of people no longer use their landline phones, and those people would have to be home to get the emergency alert. With a robust, single-platform, multichannel system, you dramatically increase the chances of reaching citizens, wherever they are at the moment you’ve sent that message.

Easy Button1Maximum outreach, along with multichannel distribution, are key elements in reaching people in emergencies. There are solutions that provide multichannel communications, making it easy to integrate all of these emergency communication strategies, such as email, voice messages, SMS/text messages, and social media postings. When you have these in place, you can create one message and push it out through all of these channels at once. It’s like you’ve just pressed your very own “Easy” button!

Join us for the fourth and final podcast for more information on the power of combining maximum reach with multichannel distribution in emergencies.

By Richard Fong, Technology Project Manager

Moderate impact. Low impact. Collision. Cleared.

If you travel on highways anywhere, wouldn’t it be nice to have these types of messages delivered to your email or phone so you could anticipate a change in your route and save time?

With some cool technology, the Washington State Department of Transportation (WSDOT) has started doing just that.

Earlier this year, I had the opportunity to visit and speak with Tom Stidham, a developer with WSDOT. He stated that, before using a proactive digital communication system, they would post traffic information on their website and then push out alerts via Twitter. While these two channels did their job, WSDOT was looking to increase their proactive communications by providing email and SMS alerts to people traveling throughout the state of Washington.

By using GovDelivery’s Send Bulletin application programming interface (API), Tom was able to quickly a­­nd effectively integrate these alerts with their current work flow process to send automated messages to the public. These messages include traffic incidents, road conditions, and construction­ alerts.

The public can now sign up to more than 50 email and SMS alerts for different regions within the state, including areas such as the Oregon border and the Cascades, the Olympic Peninsula, and metropolitan areas such as Seattle, Spokane, and Tacoma.

What does that mean for the people who live and visit Washington? They can find out what’s happening on roads throughout the state without having to constantly check Twitter or the department’s website. They get the information they need, controlling what updates they receive by subscribing only to the updates they want. And, maybe most importantly, if there’s a critical road closure (think the Skagit Bridge collapse), the SMS or email message that alerts residents and visitors to a potentially life-threatening road event can help save lives and protect property.

For more information on how you can leverage API technology to help your organization, watch my webinar, “Using APIs for success in Government."

Co-written by Anne Doucot and Mary Yang

In my last post, I talked about how reaching the maximum amount of people that you can during an emergency can be the difference in saving more lives. And if you’ve been following along in the last couple of posts and podcasts from this series so far, you’ve also heard me talk about how important it is to get subscribers in addition to the use of a single platform, multichannel system. But, I know what many of you are thinking, once you get subscribers, how do you keep their contact information up-to-date?

hey-look-hereWith a single platform system that’s used by both your organization’s emergency communications department and public affairs office.

If you’re lucky, as an organization, you may only need to activate emergency alerts once or twice a year. That means, if your current system allows citizens to sign up to receive emergency alerts, that data may be quite old by the time you need to rely on it.

The solution to keeping contact information up-to-date is by using a comprehensive system that allows for both regular government communications and emergency notifications. The system should allow citizens to sign up for a variety of topics. With this kind of system, citizens can choose to receive updates on topics of interest and choose the method of communication they prefer (email, SMS, social media, etc.) The system should also allow citizens easy access to their profiles to provide updated contact data if they want.

As the communications department provides regular messages, the system will recognize if email addresses are still in use or if text messages are delivered. For organizations that use the same platform for their government communications and emergency notifications, sending out regular communications can continually test and cleanse the contact data for their citizens.

Join us for the third podcast for more information on how easy it can be to keep citizen contact information up-to-date.

For more analysis on current emergency notifications technology, download this recent Analyst Brief from IDC Government Insights.

In my last post, I discussed how a siloed communications system doesn’t work in emergency communications. The term, silo, refers to departments within an organization working separately with little to no communication with each other. For example, in the public sector, emergency notifications are typically handled separately from the communications team.

Taking full advantage of technology and the wide variety of communication tools available is often a bit slower on the adoption scale for government organizations. Add to that a siloed communications approach, and you have a combination Emergency Informationthat creates both inefficiency and ineffectiveness in reaching the people you need to reach in emergencies.

In a crisis situation, reaching the maximum amount of people that you can within the community that could be affected can be the difference in saving a few lives versus saving a lot of lives.

The Town of Ocean City, MD, discovered this need firsthand in 2011 when Hurricane Irene devastated the area. In the aftermath of the storm’s destruction, residents felt that the town’s communication could have been better before and during the storm. The town knew it needed a better communication system and a more flexible way to quickly get messages to more residents, especially in times of emergencies.

Ocean City administrators began using their website as a way to gain subscribers with the help of a digital communication management system (DCM) and started offering various topics that would be of interest to residents, allowing people to sign up for information and emergency alerts. When Hurricane Sandy hit the following year, the city was prepared, pushing important information alerts out to residents via SMS/text messaging and email.

So how can your organization gain more reach?

By making it a priority to get as much information as you can from your stakeholders before an emergency. What type of information and how much you gather will depend on your organization, but you must start with the basics, such as phone numbers, email addresses, home and work addresses, and any other contact information that you need from your stakeholders. Getting this information before an emergency strikes allows you to proactively get critical information out to residents, which can in turn potentially save someone’s life.

Join us for the second podcast for more on the importance of getting rid of siloed communications, and achieving maximum reach in emergencies.

Data SilosAs a government professional, chances are you know a thing or two about emergency notifications. It’s a critical tool that is an absolute necessity as a means to communicate effectively with the public in times of emergencies. However, what you may not realize is that using a single platform system to manage your emergency communications is just as important in maximizing effectiveness.

Unfortunately, the problem with current emergency communication tactics is that they often exist within a siloed structure. More simply put, many government organizations have different departments that are working separately when it comes to getting the word out to citizens in urgent situations. For example, emergency notification systems have typically been managed separately from the communications department within an organization. Although this may have been fairly efficient in the past, this structure is no longer effective in today’s highly mobile culture.

If your organization is currently working within a siloed communications structure, try using a single platform system instead. With cloud-based emergency notification solutions, your organization’s emergency notifications and digital communication systems can be connected so that your emergency operations center can work seamlessly with your communications department. Role-based permissions help limit who can send what kind of communications, but everything work-togetheris managed in a single platform. This will increase efficiency in getting the word out during an emergency. And more importantly, having these systems work efficiently and cohesively together can help to save people’s lives when survival depends on timeliness of emergency notifications.

In the past, using the capability of “Reverse Dial” (the ability to gain access to all landline contacts within specific geographical areas) may have been enough. But many people now use their mobile device as their main voice channel. Mobile devices allow for greater flexibility in receiving information via SMS text messaging, email, or newsgathering through web browsers. We are a hyper-connected society, surrounded by all that technology has brought, and your emergency communications strategy should reflect that.

Think about it. If you found yourself in an emergency situation, what’s the first thing you would want to know? First and foremost, you would want to know exactly what and where the situation is and how you and your family will be protected. You want the right resources, and you want them fast and easily accessible. And in urgent situations, whether it’s a natural disaster such as a hurricane, a water main break that could affect your family or a criminal situation that is close to home, you need that information as quickly as possible.

Join us for a four-part podcast series on Emergency Communications and how you can help your organization better communicate with the public in emergency situations. Listen to the first podcast here:
Siloed Communications Systems Create Inefficiency
.

By Amy Larsen, Client Success Consultant at GovDelivery

Today’s government communicators are tasked with staying on top of the latest communication trends to create and deliver messages or content that stakeholders want to receive.  And we all know the only way to determine success is if we measure it, which means government communicators end up using to private sector definitions and measurements. You can find information on average open rates or click-through rates all over the internet. This also leads public sector successprofessionals to compare themselves to private sector counterparts. Unfortunately, this is the best the public sector has been able to do in the area of communications metrics – up until now.

If we consider what’s important to private sector communicators, certain goals come to mind:

  • Brand recognition
  • Increased market share
  • Promotion of new products and services

If you get messages like I do (on a daily basis), revenue-centric goals are often the focus. Successfully increasing sales through promotions and moving customers away from competitors are the tangible marks of a successful private sector campaign.

Not all of these success metrics are specific to the private sector – things like branding and promotion of events are certainly areas of cross-over when it comes to public sector messaging and campaigns goals. However, public sector communicators also have unique goals based specifically on mission: keeping people healthy; finding homes for lost pets; or tracking down dangerous suspects. In fact, more often than not, the success of a public sector campaign is based on these intangible mission-oriented goals, and measuring these results is not always as easy as taking a simple inventory of how many shoes sold after you sent 50% off coupons to a list of 10,000 email addresses.

Successful public sector communications often require more collaboration, creativity and open exchange of ideas from multiple departments and teams than a private sector marketing message. For instance, a police officer writing a report on a wanted suspect may have to quickly communicate the suspect’s identifying information to a communications specialist, who will then craft and send an eye-catching message (so people will open it) to stakeholders through multiple channels. In turn, communicators want to know the impact of their efforts and may need to reach out to other teams to determine the results of specific messaging.

Communicators may struggle to gather data from healthcare providers on the number of people who went in for flu shots the weekend that their healthcare social media update was posted vs. the previous weekend with no promotion, especially when they do not know who to contact for records at a healthcare facility.  This requires planning and open communication between teams to achieve the goals that best serve stakeholders, but it also means knowing what you’re trying to achieve before you start creating your messages.

What are some examples of measurable results from communications efforts? A few recent examples that stand out include:

Stearns County Sheriff’s Office recently started connecting with stakeholders via a digital newsletter. Embedded within the newsletter was an option to submit tips via email, telephone and a web form. Within 13 minutes of sending their newsletter, the sheriff’s office got their first tip from one of the newsletter’s recipients.

San Francisco Bay Area Rapid Transit (BART) recently alerted followers via Twitter to sign-up for email and SMS updates during a period of service delays due to a collision of maintenance vehicles. Communicating major delays quickly and directly through multiple channels helped BART riders avoid closed routes and minimized incoming complaints to BART customer service. BART collected 800+% more email and SMS subscribers during the service delay (compared to their regular service periods) as riders signed up to receive direct updates through two of the most popular communication channels.

The City of Moore, OK recently coordinated disaster recovery efforts after EF4 tornadoes ripped through the city, leaving a trail of destruction that included loss of life, severe injuries, and destruction of homes and property. Moore city officials quickly responded with outbound messaging, giving residents resources to contact emergency services and to get the help they needed in the wake of the disaster.

Each of these examples show how mission goals means different measurements of success. How does your department define success? Are you measuring the number of subscribers, clicks, opens, or likes after a certain message was sent? Or, do you strive to achieve a healthier population, a safer place to work and play, or a way to get more people involved with civic events? What may seem like the simplest step in the process – knowing what you’re trying to accomplish with each communication – is often the step that is most over looked in an effort to produce more content and faster responses to the public. What successful communicators recognize is that defining the goal that you’re trying to achieve can help streamline communications – instead of throwing out as much content as you can, focus on a goal, and execute a communications campaign to achieve measurable results toward that goal.

Unlike businesses in the private sector, government organizations have an additional challenge. In times of emergencies, such as a natural disaster or criminal threat to the community, getting that message successfully delivered to the right audience, and at the right time, can help save lives. A government agency’s ability to easily connect with community members during times of emergencies is crucial. And if the possibility of saving more lives and communities hinges on your message getting successfully delivered, you want to make sure that you’re using the best tools to accomplish that.

To help you zero in on how to improve your organization’s communications, Adelaide O’Brien, Research Director for IDC Government Insights, will share the latest research on emergency communications for government during an upcoming webinar. Communicating vital information effectively with the public in emergencies is an absolute necessity in gaining and retaining citizen satisfaction, and Adelaide will offer tips and examples of what works.

A communications strategy is key in properly relaying important information to your audience. Using the right system can help you build an audience, manage contacts, and send messages quickly- to specific community members when necessary.

Join Adelaide for this webinar, where she will discuss the challenges, strategies and technologies that are shaping these critical communications today.

Featured Speaker: Adelaide O’Brien, Research Director for IDC Government Insights

AdelaideOBrien

Date: Wednesday, June 26, 2013
Time: 1:00 pm Central
Cost: Free

This event is open to all government employees and contractors. To register for this complimentary event, click here.

To download Adelaide’s Analyst Connections report on emergency communications for government, visit http://direct.govdelivery.com/IDC-ENS-SM.