A Matter of Your Personal Security Phishing Beware of Phishing Emails Listen to what happened to several of your colleagues: Several employees received an email that looked legitimate, as if it was being sent directly from Christiana Care. Those employees clicked on the link within the email, which unintentionally gave the hacker their network login information. Consequently, the hacker was able to access their Workday account and change their direct deposit information. As a result, their bi-weekly pay was directed to the bogus bank account. Don’t let this happen to you! What is “Phishing?” An attempt to acquire sensitive information such as usernames, passwords, and credit card/bank account details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.” -Wikipedia How do I know if it’s a phishing email? Common characteristics of phishing emails: Addressed to a generic or group recipient Appear to be sent from someone known to the receiver or a trusted organization (i.e. CCHS) Convey a sense of urgency, prompting the receiver for immediate action Contain blank To: or Cc: fields Subject line is uninformative and/or doesn’t reflect the email content Signature is often vague or generic Prompts you for a username and/or password, or other sensitive information Occasionally includes misspelled words, grammatical errors, or other confusing information Do’s and Don’ts of Phishing Emails DON’T Click on an unfamiliar link or open an attachment in an email from an unknown or untrusted source Provide anyone with your username, password, or any other sensitive account information, even if the message appears to be coming from CCHS Enter private or personal information in a popup window Enter private information on a website without first checking for https:// in the URL and a lock icon Do’s and Don’ts of Phishing Emails DO Use caution when opening unsolicited email messages. Pay special attention to the name of the website. Often times they look very similar and only deviate by 1-3 letters. For example: www.christianacare.org vs. www.christanacareS.org Hover your mouse pointer over the embedded link, or retype the address in a new browser, to see if it is taking you to where it claims to be. Check the sender’s address to make sure you know the person/organization that sent the message. Review the subject line of the message for suspicious/strange language, or directions to open an attachment or click a link. Report suspicious email activity as junk by clicking the “Junk” button on your Outlook toolbar. Use caution when checking your email on a mobile device. Consider changing your other passwords (i.e. to your personal accounts) When in doubt… Consider deleting a message if it contains a link or an attachment that you weren't expecting to receive. Be sure that you delete the message without opening the attachment. CCHS will NEVER ask you for your 801# or password for any reason, especially via email. Report suspicious email activity as junk by clicking the “Junk” button on your Outlook toolbar. Contact the IT Customer Service Center. What Does This Mean To You? If a hacker has access to your username and password, he also has access to your personal information AND your work information, such as: Date of birth Social Security Number Benefit information Bank account numbers Tax documents Work email CCHS systems (i.e. Powerchart) Having access to this sensitive information could put your personal identity and our patients at risk. This is Phishy! Appears to be sent from someone known to the receiver or a trusted organization Prompts to change account information Conveys a sense of urgency Signature is vague or generic This is Phishy! Addressed to a generic group or recipient Conveys a sense of urgency Actual link