March 26, 2015 - Security Corner: Go Phish
This month’s security topic is phishing attacks. Phishing attacks are used both to solicit sensitive information directly and to entice victims into unknowingly downloading and installing malware. Over time, cyber thieves have become more sophisticated in their tactics, making it more difficult to distinguish phishing e-mails, phone calls, and text messages from legitimate ones. The scams are commonly designed to appear to be from, among others:

  • Banks, financial institutions, or creditors
  • E-mail service providers
  • Charitable organizations
  • Friends in need
  • The IRS
  • The police
  • USPS, FedEx, or UPS
  • C-Level executives within your organization


How to Recognize Scams
Be aware of these warning signs:

  • A legitimate-looking design that mimics the hoaxed organization
  • An urgent request for (often sensitive) information
  • A promise of reward if instructions are followed, or penalty if they are not
  • The message is unsolicited and asks you to update, confirm, or reveal personal identity information (e.g., SSN, account numbers, passwords, protected health information).
  • An unusual “From” or “Reply-To” address
  • The (malicious) website URL doesn’t match the name of the institution that it allegedly represents.
  • The message is not personalized. Legitimate sources usually refer to you by name.
  • The message contains grammatical errors.
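
Two of these signs can be checked mechanically: a “Reply-To” domain that differs from the “From” domain, and a link whose visible text shows one site while the link itself points to another. The sketch below is an added example, not part of the original newsletter; the sample message is constructed, all domains are placeholders, and the names `domain`, `LinkCollector` and `warning_signs` are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real e-mail); every domain is a placeholder.
SAMPLE = """\
From: "Example Bank" <alerts@examplebank.example>
Reply-To: support@mail-helpdesk.example
Subject: Urgent: confirm your account
Content-Type: text/html; charset="utf-8"

<a href="http://login.secure-update.example/verify">https://www.examplebank.example/login</a>
"""

def domain(value):
    host = value.rsplit("@", 1)[-1].lower()  # accepts an address or a bare host
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def warning_signs(raw):
    """Return the warning signs from the list above that this message shows."""
    msg, signs, collector = message_from_string(raw), [], LinkCollector()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain(reply_to) != domain(parseaddr(msg.get("From", ""))[1]):
        signs.append("reply-to-mismatch")
    for part in msg.walk():  # also covers multipart messages
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        actual = urlparse(href).hostname
        if actual and "." in shown and " " not in shown and domain(shown) != domain(actual):
            signs.append("link-mismatch")
    return signs
```

A mismatch is a reason to look closer, not proof of fraud: legitimate mailings sometimes use separate reply or tracking domains.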


Phishing Email Dos and Don’ts:

DO call a company that you received a suspicious email from to see if it is legitimate, but never use the phone number contained in the email. Check a recent statement from the company to get a legitimate phone number.

DO look for a digital signature/certificate as another level of assurance that senders are legitimate. Digitally signed messages display a special image/icon near the subject.

DO adjust your spam filters to protect against unwanted spam.

DON’T ever send credit card or other sensitive information via email.

DON’T click the link. Instead, phone the company or conduct an Internet search for the company’s true web address.

DON’T open e-mail or attachments from unknown sources. Many viruses arrive as executable files that are harmless until you start running them.

Finally, DO use common sense. If you have any doubts, DON’T respond. Ask your department IT representative for assistance.

