
Phishing Attacks
8/31/2021
"You can fool some of the people all of the time, and all of the people some of the time, but you cannot fool all of the people all of the time." –Abraham Lincoln
UCHS has been targeted recently in a phishing email attack. Please watch my video as I walk through signs that could help us be more prepared for next time! Then read the tips and tricks below!
Falling for a phishing attack could lead to hackers stealing your login information, stealing your personal data, hacking our school accounts, or taking control of your device. Hackers could also compromise other accounts that use your email.
1. An Unfamiliar Tone or Greeting
The first thing that usually arouses suspicion when reading a phishing message is that the language isn’t quite right – for example, a colleague is suddenly overly familiar, or a family member is a little more formal. For instance, if I personally were to receive an email from our Network Administrator, Keith Bias, that began with “Dear Monica,” that would immediately raise a red flag. In all of our correspondence, he has never begun an email with that greeting, so it would feel wrong. If a message seems strange, it’s worth looking for other indicators that this could be a phishing email.
2. Grammar and Spelling Errors
One of the more common signs of a phishing email is bad spelling and incorrect grammar.
3. Inconsistencies in Email Addresses, Links & Domain Names
Another simple way to identify a potential phishing attack is to look for discrepancies in email addresses, links and domain names. For example, is the sender's email address spelled wrong, or is it from a different @name? If a link is embedded in the email, hover the pointer over the link to verify what ‘pops up’ instead of clicking on it right away. If the email is allegedly from PayPal, but the link does not include “paypal.com,” that’s a huge giveaway. If the domain names don’t match, don’t click.
4. Threats or a Sense of Urgency
Emails that threaten negative consequences should always be treated with suspicion. Another tactic is to use a sense of urgency to encourage, or even demand, immediate action in a bid to fluster the receiver. The scammer hopes that by reading the email in haste, the content might not be examined thoroughly so other inconsistencies associated with a phishing campaign may pass undetected.
5. Suspicious Attachments
- If you get an email from someone you don't know with an attachment...
- If you're getting an attachment that you weren't expecting...
- If the attached file has an extension commonly associated with malware downloads (.zip, .exe, .scr, etc.)...
- Do Not Open!
6. Short and Sweet
While many phishing emails will be stuffed with details designed to offer a false sense of security, some phishing messages are sparse in information, hoping to trade on their ambiguity. For example, a scammer might spoof an email from someone you know and include only a vague message, ‘here’s what you requested,’ and an attachment titled ‘additional information,’ in hopes they’ll get lucky.
7. You Won Something
Because phishing emails are unsolicited, an often-used hook is to inform the recipient he or she has won a prize, will qualify for a prize if they reply to the email, or will benefit from a discount by clicking on a link or opening an attachment.
Trust me, chances are, you did not win anything. Don't take the chance!
8. Request for Credentials, Payment Information or Other Personal Details
This is the big one.
One of the most sophisticated types of phishing emails is when an attacker has created a fake landing page that recipients are directed to by a link in an official-looking email. The fake landing page will have a login box or request that a payment be made to resolve an outstanding issue. Sometimes they're looking for your username and password, or they're asking you for the verification code that was just emailed/texted to you! Credit card information? Even if you are intentionally buying something online, always check the address bar and make sure it is an https:// site instead of an http:// site.
That added "s" is added SECURITY!
What do I do now???
Online Messages
If you suspect that an email or text message you received is a phishing attempt:
- Do not open it.
- Delete it immediately
- Do not download any attachments
- Never click links
- Do not reply
- Report it to tech
Phone Calls
If you receive a phone call that seems to be a phishing attempt:
- Hang up or end the call.
- Do not respond to the caller’s requests.
....But what if I fell for it?
- Report it to tech
- Tech will change your work password
- Change your personal passwords
- Call your Credit Card Company/Banks