Print Page   |   Contact Us   |   Sign In   |   Register
IAMU Informer
Blog Home All Blogs

Phishing Alert Regarding IAMU Email Correspondence

Posted By IAMU, 16 hours ago

It has come to IAMU’s attention that some members may be receiving phishing emails that appear as if they are coming from IAMU. The emails in question include alleged invoices. IAMU is investigating the origination of the phishing emails. IAMU will keep you up-to-date on this issue as we have more information to share. IAMU is working diligently to ensure continued safe electronic communication with its members. IAMU is also in the process of adding a Security & Preparedness resource page to our website where members can log in to access resources to help better prepare your organizations from physical and cyber security threats as well as other potential natural or man-made disasters.  

Legitimate IAMU Invoices will only be sent from Jamie Van Dusseldorp from her official IAMU email at These Invoices will always look like this:

Any deviation from the above invoice other than “Your Name” the “Amount Due” and the invoice number and date, should be considered suspicious. If you have any questions about your invoice please contact Jamie at (515) 289.1999 or at her email above.

Invoices received after you order an item or register for a class on IAMU’s official website at will look like this:

If you hover your mouse over the link to your receipt the top line should read: the rest of the wording may vary. When you hover your mouse over the “contact us” the box that pops up should read “mailto:”; just the same as if you hover over the link in this paragraph.

If you have received a suspicious email that appears to be from IAMU, please contact Russ Saffell, IAMU Director of Member Security and Critical Infrastructure Protection or by phone at Office: (515) 289-1999, Cell: (515) 971-2653.

Here are some tips for identifying other suspicious email:

Tip 1: Don’t trust the display name

A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Return Path analyzed more than 760,000 email threats targeting 40 of the world’s largest brands and found that nearly half of all email threats spoofed the brand in the display name.

Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:

Since My Bank doesn’t own the domain “,” DMARC will not block this email on My Bank’s behalf, even if My Bank has set their DMARC policy for to reject messages that fail to authenticate. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if looks suspicious, don’t open the email.

Tip 2: Look but don’t click

Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited emails.

Tip 3: Check for spelling mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 4: Analyze the salutation

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

Tip 5: Don’t give up personal information

Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

Tip 6: Beware of urgent or threatening language in the subject line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Tip 7: Review the signature

Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

Tip 8: Don’t click on attachments

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Tip 9: Don’t trust the header from email address

Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from email address with more than two thirds spoofing the brand in the email domain alone.

Tip 10: Don’t believe everything you see

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

Tags:  Cyber Security  Phishing 

Share |
PermalinkComments (0)

2017 IUB CS Fall Meeting Invitation

Posted By IAMU, Wednesday, August 16, 2017

Registration is now open to attend the 2017 IUB Customer Service Fall Meetings. Agenda items will include recent municipal legislation, statute of limitations, LIHEAP update, and other items.

For a list of the nineteen meetings with date, time, and location, click here.

Register online -

Registration for each location will close two business days prior to the meeting date. Each registered attendee will receive a packet of information at the meeting.

If you have questions, please call Jane Whetstone at 515-725-7358 or email

Tags:  CS Fall Meeting  IUB 

Share |
PermalinkComments (0)

IUB Pushing to Receive Annual Reports on Time

Posted By IAMU, Wednesday, August 16, 2017

Municipal gas and electric utilities are required by Iowa administrative code to file annual reports with the IUB on or before April 1 of each year. Frequently, there are a number of municipal utilities that do not file their annual reports in a timely manner. This year, as of 8/11/17, there were five municipal utilities that had not filed reports for 2016 by the April 1 deadline. IUB board members and staff have notified IAMU that they would like to see a higher rate of compliance with the filing deadline. At the most recent board meeting on 8/15/17, IUB chairperson Geri Huser announced that in the future any delinquent filers would be listed in the board’s public agenda and meeting minutes as a way to motivate timely filing of reports. While these requirements may seem intrusive or less important at times than other projects, the board can impose penalties if the requirements are not complied with. IAMU reminds all members to pay attention to the board’s deadlines and encourages timely compliance.   

More information on the annual report can be found on the board’s website:

Tags:  IUB  Regulatory Calendar 

Share |
PermalinkComments (0)

Experienced Security and Emergency Management Expert Joins IAMU Staff

Posted By IAMU, Tuesday, August 15, 2017

The Iowa Association of Municipal Utilities is pleased to announce the hiring of Russell Saffell in the newly created position of Director of Member Security and Critical Infrastructure Protection. Russ will work with member utilities to help assess physical and cyber security threats, protect critical infrastructure, and manage emergency and disaster response planning.

“Since 1947, IAMU has been committed to supporting and strengthening Iowa’s municipal utilities, and that mission has always included safety and emergency response services but with time, those services evolve,” said Troy DeJoode, IAMU Executive Director. “Having someone with Russell’s experience and expertise in this position will enable IAMU to deliver cutting-edge, 21st century security and emergency services to our members.”

Russ served two tours in Iraq, and throughout the Middle-East while in the U. S. Navy as a Maritime Special Purpose Forces Corpsman, whereby he was in both a Security and Scout Sniper Platoon dedicated to counterterrorism operations. Russ has more than 16 years of full spectrum (physical, technical and cyber) security governance, critical infrastructure protection, emergency management, continuity of operations, resilience and disaster recovery experience.

Russ comes to IAMU most recently from the U.S. Department of Homeland Security, Federal Emergency Management Agency, where he served as a Security Manager, overseeing security operations for all critical infrastructure, federal facilities, and personnel at Presidentially declared disaster areas. He also served as an independent Special Investigator for the U. S. Office of Personnel Management, conducting Federal Security Clearance Investigations.  

Russ also previously served as a Senior Security Consultant and Deputy Corporate Security Officer at Sogeti, Regional Business Resilience Administrator at Catholic Health Initiatives, Chief Security and Emergency Management Officer at SES Inc., and as Deputy Director of the Story County Homeland Security and Emergency Management Agency.

Russ also has experience as a Utility Locator.  He holds a B.S. in Emergency and Disaster Management from Upper Iowa University, an M.P.S. in Security and Safety Leadership (Counterterrorism) from George Washington University, as well as more than 70 training certificates, and five certifications in the field. He also currently serves as an adjunct professor at the Des Moines Area Community College (DMACC) where he helped to design and develop its Homeland Security Certificate Program, and as an adjunct professor at Upper Iowa University, on an as needed basis.

Russ is a native Iowan who looks forward to making a difference in his home state. “Our municipal utilities play a crucial role in their communities,” he said. “IAMU is dedicated to supporting its members. I am excited to be a part of IAMU’s efforts to help our members deliver safe and reliable utility services and to help them protect the critical assets Iowa’s communities depend on.”

Tags:  Cyber Security  Emergency Management  IAMU Staff  Russell Saffell 

Share |
PermalinkComments (0)

Toolbox Talk - Ticks 101: What to Know About the Pesky Pests

Posted By IAMU, Tuesday, August 15, 2017

Ticks find their hosts by detecting animals’ breath and body odors, or by sensing body heat, moisture, and vibrations. Some species can even recognize a shadow. In addition, ticks pick a place to wait by identifying well-used paths. Then they wait for a host, resting on the tips of grasses and shrubs. Ticks can’t fly or jump, but many tick species wait in a position known as “questing.”

While questing, ticks hold onto leaves and grass by their third and fourth pair of legs. They hold the first pair of legs outstretched, waiting to climb on to the host. When a host brushes the spot where a tick is waiting, it quickly climbs aboard. Some ticks will attach quickly and others will wander, looking for places like the ear, or other areas where the skin is thinner.

Depending on the tick species and its stage of life, preparing to feed can take from 10 minutes to two hours. When the tick finds a feeding spot, it grasps the skin and cuts into the surface. The tick then inserts its feeding tube. Many species also secrete a cement-like substance that keeps them firmly attached during the meal. The feeding tube can have barbs, which help keep the tick in place. Ticks also can secrete small amounts of saliva with anesthetic properties so that the animal or person can’t feel that the tick has attached itself. If the tick is in a sheltered spot, it can go unnoticed.

Protecting Yourself Against Ticks
Use repellents that contain 20 to 30% DEET (N, N-diethyl-m-toluamide) on exposed skin and clothing for protection that lasts up to several hours. Always follow product instructions.

Use products that contain permethrin on clothing. Treat clothing and gear, such as boots, pants, socks, and tents with products containing 0.5% permethrin. It remains protective through several washings. Pre-treated clothing is available and may be protective longer.

Removing Ticks
To remove a tick, grasp it with tweezers as close to the skin as possible and pull straight out.

Bathe or shower as soon as possible after coming indoors (preferably within two hours) to wash off and more easily find ticks that are crawling on you.

Conduct a full-body tick check using a hand-held or full-length mirror to view all parts of
your body upon return from tick-infested areas. Check for ticks under the arms, in and around the ears, inside the belly button, behind the knees, between the legs, around the waist, and especially in the hair. Ticks can ride into the home on clothing, then attach to a person later, so carefully examine clothing and gear.

Tumble clothes in a dryer on high heat for half an hour to kill remaining ticks. Some  research suggests that shorter drying times may also be effective, particularly if the clothing is not wet.

If you develop a rash, body aches and pains or fever within several weeks of removing a tick, see your doctor.

Be sure to tell the doctor about your recent tick bite, when the bite occurred, and where you most likely acquired the tick.

Tick paralysis is a rare disease thought to be caused by a toxin in tick saliva. The symptoms include acute, ascending, flaccid paralysis that is often confused with other  neurologic disorders or diseases (e.g., Guillain-Barré syndrome or botulism). Within 24 hours of removing the tick, the paralysis typically subsides.

Tickborne diseases can result in mild symptoms treatable at home to severe infections requiring hospitalization.  Although easily treated with antibiotics, these diseases can be difficult for physicians to diagnose. However, early recognition and treatment of the infection decreases the risk of serious complications.

Tags:  Safety Services  Toolbox Talk 

Share |
PermalinkComments (0)
Page 1 of 108
1  |  2  |  3  |  4  |  5  |  6  >   >>   >| 
Membership Software Powered by YourMembership  ::  Legal