July 6, 2023

Protecting yourself against phishing attacks — even quarantined ones

Phishing continues to be one of the most highly utilized methods by attackers to gain unauthorized access to an organizations network.

It’s important to remember that although security preventions have been put in place against phishing, fellow workforce members can occasionally fall victim to these crafty attempts. This is proving true, even in cases where a phishing email has been successfully quarantined by the security preventions. It is important to treat all emails, even from within the organization, with the scrutiny described below, especially if these emails are found to already be in a mailbox “quarantine”.

Security measures can make mistakes and identify legitimate emails as phishing, but many times that is not the case and due care must be given when considering releasing a mail item from a mailbox quarantine.

Things to keep an eye out for:

  • The sender of the email. It’s important to consider the sender. A sender can be unknown or sometimes “spoofed” to look like a known contact. It can even appear to be “from the recipient”. Either way, the sender will often look different or suspicious and can be identified by examination and comparison to the format of a legitimate sender.
  • The subject and body of the email. The first question to ask is if the subject and the body appear to be something you expect. Both will often contain grammatical errors and the body will either ask to click a link, open an attachment, reply to the email, contain giveaway items, or provide money or gift cards or personal information.
  • The link in an email. If a link is provided in the email, it will often appear urgent and may ask to reset a password, view or download documents, or login or click in order to learn more about what’s being described in the body of the email.
  • The attachment in an email. If provided, this will often be made to look like it relates to the subject/body of the email. It may look like a web browser file, a zip file with a password provided in the body of the email, a fax message, a receipt, or even a “voicemail” file (.HTM or .HTML file extensions or common with fake voicemail phishing).

As a rule of thumb, if an email appears suspicious, immediately consult a fellow staff member or manager for a second opinion, call the Help Desk at 615-343-HELP (3-4357), or send the email to the VUMC IT Security Operations Incident Response team at phishing@vumc.org.