Phishing continues to be one of the most highly utilized methods by attackers to gain unauthorized access to an organizations network. Despite these persistent and varied attempts, there remains commonalities between the vast majority of them that can help you in identifying their malicious intent.
Protecting yourself against phishing attacks will:
- Improve the security on VUMC’s enterprise information and applications.
- Reduce the threat of Phishing attacks that target VUMC users.
What to expect:
Here are things to keep an eye out for when receiving emails.
The sender of the email.
It’s important to first consider if the sender is expected. This can be random or sometimes “spoofed” to look like a known contact or in some cases to appear that the email was sent by you. Observe extra caution if you receive an email that contains your name and email address in the sender field that you cannot recall sending. In all these cases, something will often look “off” and can be identified by thorough examination and comparison to the format of the sender field in other legitimate organization emails. In the case of your name and email in the sender field, a quick check of your “Sent” folder can quickly verify if this was something you sent yourself.
The subject and body of the email.
The first question to ask here is if the subject and the body appear to be something expected. These both will often contain grammatical errors and the body will either ask to click a link, open an attachment, or reply to the email or another email address regarding purchasing something, providing money or gift cards, giving personal information, or perhaps receiving giveaway items.
The link in an email.
If a link is provided in the email, it will often be regarding urgency with resetting a password, viewing or downloading documents, files being shared with you, or requesting to login or click in order to learn more about what’s being described in the body of the email.
The attachment in an email.
If provided, this will often be made to look like it relates to the subject/body of the email. It may look like a web browser file, a zip file with a password provided in the body of the email, a fax message, a receipt, or even a voicemail.
Additionally, be cautious of fake Concur and C2HR websites. Attackers will occasionally acquire random domains and title the page after a familiar resource used within an organization. This is done with the intention of tricking a user into clicking the link and likely redirecting them to a malicious website. Be sure to use only the following links when accessing Concur and C2HR:
- Concur – https://myapps.microsoft.com – sign-in and then find and click “SAP Concur Travel and Expense”
- C2HR – https://c2hr.app.vumc.org
Another important item to keep an eye out for is Multi-Factor Authentication (MFA) prompts. If an attacker has acquired your credentials and attempts to login where MFA is required, this will cause a sign-in prompt or text (depending on your preferences) to appear on your MFA enrolled device. In some cases, multiple of these prompts may be received in rapid succession to get you to approve them, in an attack known as MFA bombing. If an MFA prompt is received for a sign-in you cannot recall and/or you are receiving multiple MFA prompts, do not approve any of them. Call the Help Desk at 615-343-HELP (3-4357) for assistance with resetting your password and to notify the VUMC IT Security Operations Incident Response team of the activity.
It’s important to remember that although there are many preventions put in place against phishing, fellow workforce members can occasionally fall victim to these crafty attempts. With this in mind, it’s important to treat emails even within the organization with the same scrutiny described above.
If the situation “just doesn’t seem right,” workforce members should follow their suspicions, consult a fellow staff member or manager for a second opinion, and/or call the Help Desk at 615-343-HELP (3-4357) or send the email to the VUMC IT Security Operations Incident Response team at phishing@vumc.org and ask them to verify it for you.
It is because of your continued vigilance; we have decreased the number of successful attacks on the Medical Center in the past year.