Phishing Notice - Security Enhancements
Phishing is a scam used by identity thieves to deceive users into providing their personal information. Identity thieves send authentic-looking emails which impersonate official entities in order to trick users into clicking on a link in the email. The link in the email takes the user to a phishing website which is identical in look and feel to the official entity's website. When the users enter their user names and passwords, the phishing website captures the user names and passwords.
In order to prevent phishing attacks, the Clean Air Markets Division (CAMD) is implementing the following changes:
1. All password changes must be completed in CBS. Users cannot change their CBS passwords through any other application.
2. Emails which originate from the CAMD Business System (CBS) will no longer have hyperlinks to CBS. Emails from CBS may contain hyperlinks to the Clean Air Markets Website, but emails should never contain a hyperlink to CBS. If a user receives an email from CBS which contains a hyperlink to CBS, the user should not click on the link and contact CAMD regarding the email.
3. Emails from CBS will never request that a user click on a hyperlink in order to verify the user's authentication credentials (e.g., user name, password, challenge questions and answers). If a user receives an email from CBS which requests that the user verify the user's authentication credentials through a hyperlink, the user should not click on the link and contact CAMD regarding the email.
4. Confirmation emails sent after a user's password has been changed will be sent to the old and new email addresses. If a user receives an unexpected CBS email which indicates that the user's password has been changed, the user should contact CAMD regarding the email.
5. Users will be required to provide an answer to a randomly selected challenge question from the user's pool of challenge questions when changing personal information, challenge question answers, passwords, and email addresses.