Phishing continues to be one of the most commonly used methods by attackers to gain unauthorized access to an organization’s network. Despite these persistent and varied attempts, there remain commonalities among the vast majority of them that can help you identify their malicious intent.
Things to keep an eye out for:
- The sender of the email. It’s important to first consider if the sender is expected. This can be random or sometimes “spoofed” to look like a known contact. This will often look “off” though and can be identified by thorough examination and comparison to the format of the sender field in other legitimate organization emails.
- The subject and body of the email. The first question to ask here is whether the subject and the body appear to be something expected. Both will often contain grammatical errors, and the body will ask you to click a link, open an attachment, or reply to the email or to another email address regarding purchasing something, providing money or gift cards, giving personal information, or perhaps receiving giveaway items.
- The link in an email. If a link is provided in the email, it will often convey urgency about resetting a password, viewing or downloading documents, files being shared with you, or requesting that you log in or click in order to learn more about what’s being described in the body of the email.
- The attachment in an email. If provided, this will often be made to look like it relates to the subject/body of the email. It may look like a web browser file, a zip file with a password provided in the body of the email, a fax message, a receipt, or even a voicemail.
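The four indicators above (sender, subject/body, link, attachment) can be applied mechanically to a raw message. The following Python script is an added illustration and is not part of the original notice or any VUMC tool; it parses a constructed sample email and reports which of the listed indicators it trips. The trusted domain list, the urgency word list, the risky attachment extensions and every address and hostname in the samples are assumptions made up for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List
from urllib.parse import urlparse

# Assumption: the organisation's own mail domains (placeholder value).
TRUSTED_DOMAINS = {"example.org"}
# Words that commonly signal manufactured urgency in phishing subjects/bodies.
URGENCY_WORDS = {"urgent", "immediately", "expires", "locked", "verify", "gift card"}
# Attachment types the notice calls out: browser files, zips, and similar.
RISKY_EXTENSIONS = {".zip", ".iso", ".html", ".htm", ".js", ".lnk", ".img"}

# Constructed sample: a spoofed "help desk" message with an external link and a zip.
SAMPLE_EML = """\
From: "IT Help Desk" <helpdesk@it-support-alerts.example.net>
To: staff@example.org
Subject: URGENT: your password expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>
<p>Please <a href="http://login.example-reset.net/verify">reset your password</a>
immediately or your account will be locked.</p>
</body></html>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed sample: an ordinary internal message that should trip nothing.
BENIGN_EML = """\
From: "Jane Doe" <jane.doe@example.org>
To: staff@example.org
Subject: Agenda for Thursday
Content-Type: text/plain

See https://intranet.example.org/agenda for Thursday's agenda.
"""


def _is_trusted(domain: str) -> bool:
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(raw: str) -> List[str]:
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings: List[str] = []

    # Indicator 1: the sender. Is the address from an expected domain, and does
    # the display name claim an internal role while the address is external?
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if not _is_trusted(sender_domain):
        findings.append(f"sender domain not trusted: {sender_domain}")
        if name and re.search(r"\b(help ?desk|it|security|payroll)\b", name, re.I):
            findings.append(f"display name impersonates an internal role: {name!r}")

    # Collect subject, body text and attachment names from all MIME parts.
    subject = msg.get("Subject", "")
    body_text = ""
    attachments = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            attachments.append(fname)
        elif part.get_content_type() in ("text/plain", "text/html"):
            body_text += part.get_payload(decode=True).decode("utf-8", "replace")

    # Indicator 2: urgency language in subject or body.
    text = (subject + " " + body_text).lower()
    hits = sorted(w for w in URGENCY_WORDS if w in text)
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # Indicator 3: links that lead outside the organisation.
    for href in re.findall(r'href="([^"]+)"', body_text, re.I):
        link_domain = urlparse(href).hostname or ""
        if not _is_trusted(link_domain):
            findings.append(f"link to external domain: {link_domain}")

    # Indicator 4: attachment types that commonly carry malware.
    for fname in attachments:
        ext = ("." + fname.rsplit(".", 1)[-1].lower()) if "." in fname else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {fname}")

    return findings


if __name__ == "__main__":
    for label, eml in (("sample", SAMPLE_EML), ("benign", BENIGN_EML)):
        print(label, "->", triage(eml) or ["no indicators"])
```

Findings from a script like this are a prompt for a human to look closer, not a verdict; a legitimate vendor message can trip the external-domain checks, and a phishing message from a compromised internal account can pass them, which is exactly why the notice asks for the same scrutiny on internal mail.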
It’s important to remember that although many protections are in place against phishing, fellow workforce members can occasionally fall victim to these crafty attempts. With this in mind, it’s important to treat emails even from within the organization with the same scrutiny described above.
Regarding emails, if the situation “just doesn’t seem right,” workforce members should follow their suspicions, consult a fellow staff member or manager for a second opinion, and/or call the Help Desk at 615-343-HELP (3-4357) or send the email to the VUMC IT Security Operations Incident Response team at phishing@vumc.org and ask them to verify it for you.
- Another important item to keep an eye out for is Multi-Factor Authentication (MFA) prompts. If an attacker has acquired your credentials and attempts to log in where MFA is required, this will cause a sign-in prompt or text (depending on your preferences) to appear on your MFA-enrolled device. In some cases, several of these prompts may be received in rapid succession to pressure you into approving one of them, in an attack known as MFA phishing. If an MFA prompt is received for a sign-in you cannot recall, or you are receiving multiple MFA prompts, do not approve any of them. Call the Help Desk at 615-343-HELP (3-4357) for assistance with resetting your password, and report it to phishing@vumc.org to notify the VUMC IT Security Operations Incident Response team of the activity.
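The rapid-succession pattern described above is also something an identity or security operations team can watch for on the server side. The following Python snippet is an added example, not part of the original notice or any VUMC system: it scans constructed MFA push log lines and flags any user who received three or more push prompts within a five-minute sliding window, noting whether one of those prompts was approved. The log format, field names, thresholds and user names are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log lines (made-up users and timestamps), one push prompt per line.
SAMPLE_LOG = """\
2024-03-04T08:02:11Z user=alice event=mfa_push result=approved
2024-03-04T08:02:14Z user=bob event=mfa_push result=denied
2024-03-04T08:02:40Z user=bob event=mfa_push result=timeout
2024-03-04T08:03:02Z user=bob event=mfa_push result=timeout
2024-03-04T08:03:25Z user=bob event=mfa_push result=denied
2024-03-04T08:03:51Z user=bob event=mfa_push result=approved
2024-03-04T09:15:00Z user=carol event=mfa_push result=approved
"""


def parse_line(line: str) -> Tuple[datetime, Dict[str, str]]:
    """Split 'TIMESTAMP key=value ...' into a datetime and a field dict."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), kv


def detect_push_bursts(log_text: str,
                       window: timedelta = timedelta(minutes=5),
                       threshold: int = 3) -> Dict[str, dict]:
    """Return {user: {"pushes": n, "approved_in_burst": bool}} for every user who
    received at least `threshold` push prompts inside any `window`-long span."""
    events: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, kv = parse_line(line)
        if kv.get("event") == "mfa_push":
            events[kv["user"]].append((ts, kv.get("result", "")))

    alerts: Dict[str, dict] = {}
    for user, ev in events.items():
        ev.sort()
        start = 0
        # Sliding window over the sorted prompt times for this user.
        for end in range(len(ev)):
            while ev[end][0] - ev[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                # An approval inside a burst is the case that needs a password reset.
                approved = any(r == "approved" for _, r in ev[start:end + 1])
                prev = alerts.get(user, {"pushes": 0, "approved_in_burst": False})
                alerts[user] = {
                    "pushes": max(prev["pushes"], count),
                    "approved_in_burst": prev["approved_in_burst"] or approved,
                }
    return alerts


if __name__ == "__main__":
    for user, info in detect_push_bursts(SAMPLE_LOG).items():
        print(f"{user}: {info['pushes']} pushes in window, "
              f"approved during burst: {info['approved_in_burst']}")
```

In the constructed sample only bob trips the rule: five prompts in under two minutes, the last of which was approved. That is the combination the notice warns about, and it is the signal that should trigger the password reset and the report to the incident response team.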
Because of your continued vigilance, we have decreased the number of successful attacks on the Medical Center in the past year.