Don't let this happen to you!

advertisement
A Matter of Your
Personal Security
Phishing
Beware of Phishing Emails
Listen to what happened to several of your colleagues:
Several employees received an email that looked legitimate, as if it was
being sent directly from Christiana Care. Those employees clicked on
the link within the email, which unintentionally gave the hacker their
network login information. Consequently, the hacker was able to access
their Workday account and change their direct deposit information. As a
result, their bi-weekly pay was directed to the bogus bank account.
Don’t let this happen to you!
What is “Phishing?”
An attempt to acquire sensitive information such as
usernames, passwords, and credit card/bank account
details, often for malicious reasons, by masquerading as a
trustworthy entity in an electronic communication.”
-Wikipedia
How do I know if it’s a phishing
email?
Common characteristics of phishing emails:

Addressed to a generic or group recipient

Appear to be sent from someone known to the receiver or a trusted organization (i.e.
CCHS)

Convey a sense of urgency, prompting the receiver for immediate action

Contain blank To: or Cc: fields

Subject line is uninformative and/or doesn’t reflect the email content

Signature is often vague or generic

Prompts you for a username and/or password, or other sensitive information

Occasionally includes misspelled words, grammatical errors, or other confusing
information
Do’s and Don’ts of Phishing Emails
DON’T
 Click on an unfamiliar link or open an attachment in an email
from an unknown or untrusted source
 Provide anyone with your username, password, or any other
sensitive account information, even if the message appears to
be coming from CCHS
 Enter private or personal information in a popup window
 Enter private information on a website without first checking for
https:// in the URL and a lock icon
Do’s and Don’ts of Phishing Emails
DO

Use caution when opening unsolicited email messages.

Pay special attention to the name of the website. Often times they look very similar and
only deviate by 1-3 letters. For example: www.christianacare.org vs.
www.christanacareS.org

Hover your mouse pointer over the embedded link, or retype the address in a new
browser, to see if it is taking you to where it claims to be.

Check the sender’s address to make sure you know the person/organization that sent the
message.

Review the subject line of the message for suspicious/strange language, or directions to
open an attachment or click a link.

Report suspicious email activity as junk by clicking the “Junk” button on your Outlook
toolbar.

Use caution when checking your email on a mobile device.

Consider changing your other passwords (i.e. to your personal accounts)
When in doubt…
 Consider deleting a message if it contains a link or an
attachment that you weren't expecting to receive. Be sure
that you delete the message without opening the
attachment.
 CCHS will NEVER ask you for your 801# or password for
any reason, especially via email.
 Report suspicious email activity as junk by clicking
the “Junk” button on your Outlook toolbar.
 Contact the IT Customer Service Center.
What Does This Mean To You?
If a hacker has access to your username and password, he also has
access to your personal information AND your work information, such as:
 Date of birth
 Social Security Number
 Benefit information
 Bank account numbers
 Tax documents
 Work email
 CCHS systems (i.e. Powerchart)
Having access to this sensitive information could put your
personal identity and our patients at risk.
This is Phishy!
Appears to be sent
from someone known
to the receiver or a
trusted organization
Prompts to change
account information
Conveys a sense of urgency
Signature is vague or generic
This is Phishy!
Addressed to a generic group
or recipient
Conveys a sense of urgency
Actual link
Download