Do you know how to recognize and report phishing attacks?

Cybercriminals send over 300,000 phishing messages per month and have caused over 1,800 publicly reported data breaches in 2021, exposing over 40 billion records. But it isn’t enough to simply know that phishing emails are out there; you also need to be able to recognize and report them to the appropriate personnel at NEOMED.

Some of the most prevalent phishing email tactics seen at NEOMED

Random, vague invoices or renewals sent by gmail/icloud email accounts

NEOMED IT Security personnel have seen an increase in this method of phishing, where users have received email messages with the following properties:

  • Subject: Something that includes the words “Invoice”, “Renewal” or “Order”
  • Sender: Typically a gmail.com or icloud.com account
  • Attachments: A PDF or image attachment that is labeled with random numbers and can include the words “Invoice” or “Order”.
  • Body of email: Typically, these contain misspellings and/or poor grammar regarding a vague invoice/renewal.
  • What’s the (phish) hook? These types of messages include a phone number in the body and/or attachment of the email with the hope the recipient calls the number wherein further social engineering could occur, convincing the caller to disclose personal/financial information.

GOOGLE DRIVE – FILE FOR YOUR REVIEW

Malicious individuals will try to impersonate people at NEOMED, such as the NEOMED President, Dean, Vice President, someone in the HR department, IT department or even a peer. This type of phishing email has the following attributes:

  • Subject: “File shared with you” or “Document shared a file with you”
  • Sender: drive-shares-dm-noreply@google.com
  • Attachments: None
  • Body of email: Typically, these contain a quick sentence that someone at the University has shared a file for your completion or review followed by a link to something stored within Google Drive.
  • What’s the (phish) hook? These types of messages rely on urgency and/or authority, as well as vagueness in the request, in the hope the recipient clicks the Google Drive link. We have seen that this redirects to a Google Form that pretends to be a login page and asks for the user’s email address, password and other information (which is never requested when logging into legitimate NEOMED systems). The link in this type of phish can also deliver malware, so if you do not recognize the request, verify it with the individual through a different method (e.g., calling the individual) before taking any action. If you ever suspect one of these messages is suspicious, please call the Help Desk at extension 6911.
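The two tactics above (the vague invoice with a callback number, and the Google Drive share that leads to a Google Form “login” page) are both described as a checklist of properties. The following script turns both checklists into triage code that a mailbox administrator could run over messages exported as .eml files. It is an added example and is not NEOMED’s own tooling: the indicator regular expressions, the scoring thresholds and the three sample messages (two phishing, one benign) are all constructed here for illustration.

```python
"""Triage heuristics for two phishing patterns: vague invoices from consumer
mailboxes with a callback number, and Google Drive share notifications whose
link points at a Google Form instead of a document.

Added example; indicators, thresholds and sample messages are constructed
assumptions, not NEOMED's production rules.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

CONSUMER_SENDER_DOMAINS = {"gmail.com", "icloud.com"}
INVOICE_WORDS = re.compile(r"\b(invoice|renewal|order)\b", re.I)
# North American phone formats such as 800-555-0142, (800) 555-0142, 1.800.555.0142
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Attachment names like "48213903.pdf" or "Invoice_7731920.pdf"
NUMBERED_ATTACHMENT_RE = re.compile(r"^(?:invoice|order)?[_\- ]?\d{5,}\.(?:pdf|png|jpe?g)$", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
DRIVE_SHARE_SENDER = "drive-shares-dm-noreply@google.com"
DRIVE_SHARE_SUBJECT = re.compile(r"(?:file|document) shared (?:a file )?with you", re.I)
URGENCY_WORDS = re.compile(r"\b(?:urgent|immediately|asap|today|as soon as possible)\b", re.I)


def _body_text(msg: EmailMessage) -> str:
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def _links_to_google_form(url: str) -> bool:
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    return host == "forms.gle" or (host == "docs.google.com" and parsed.path.startswith("/forms"))


def triage(raw: bytes) -> dict:
    """Parse one RFC 5322 message and return the indicators it matches plus a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = sender.rsplit("@", 1)[-1]
    subject = str(msg.get("Subject", ""))
    body = _body_text(msg)
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]
    hits = set()

    # Tactic 1: vague invoice/renewal from a consumer mailbox with a number to call
    if INVOICE_WORDS.search(subject):
        hits.add("invoice-subject")
    if domain in CONSUMER_SENDER_DOMAINS:
        hits.add("consumer-sender-domain")
    if any(NUMBERED_ATTACHMENT_RE.match(name) for name in attachments):
        hits.add("numbered-attachment")
    if PHONE_RE.search(body):
        hits.add("callback-number")

    # Tactic 2: genuine Drive notification, but the shared "file" is a Google Form
    if sender == DRIVE_SHARE_SENDER or DRIVE_SHARE_SUBJECT.search(subject):
        hits.add("drive-share-notification")
        if any(_links_to_google_form(u) for u in URL_RE.findall(body)):
            hits.add("share-links-to-google-form")
        if URGENCY_WORDS.search(body):
            hits.add("urgency-language")

    invoice_hits = hits & {"invoice-subject", "consumer-sender-domain",
                           "numbered-attachment", "callback-number"}
    if len(invoice_hits) >= 3:
        verdict = "likely-phish: vague invoice with callback number"
    elif {"drive-share-notification", "share-links-to-google-form"} <= hits:
        verdict = "likely-phish: drive share leading to a form-based credential harvest"
    elif hits:
        verdict = "review"
    else:
        verdict = "clean"
    return {"sender": sender, "subject": subject, "indicators": sorted(hits), "verdict": verdict}


# --- constructed sample messages (not real mail) ---------------------------------
def invoice_sample() -> bytes:
    m = EmailMessage()
    m["From"] = "Billing Dept <billing.renewals2024@gmail.com>"
    m["To"] = "someone@neomed.edu"
    m["Subject"] = "Renewal Invoice 8829103"
    m.set_content("Your anual renewal has been proccessed for $499.99.\n"
                  "For any question call 1-800-555-0142 with in 24 hours.\n")
    m.add_attachment(b"%PDF-1.4 stub", maintype="application", subtype="pdf",
                     filename="Invoice_8829103.pdf")
    return m.as_bytes()


def drive_share_sample() -> bytes:
    m = EmailMessage()
    m["From"] = "University Dean via Google Drive <drive-shares-dm-noreply@google.com>"
    m["To"] = "someone@neomed.edu"
    m["Subject"] = "Document shared with you: \"Staff Review Form\""
    m.set_content("University Dean shared a file with you. Please complete it today.\n"
                  "Open: https://docs.google.com/forms/d/e/CONSTRUCTED-ID/viewform\n")
    return m.as_bytes()


def benign_sample() -> bytes:
    m = EmailMessage()
    m["From"] = "Colleague <colleague@neomed.edu>"
    m["To"] = "someone@neomed.edu"
    m["Subject"] = "Agenda for Thursday's meeting"
    m.set_content("Hi, see the agenda below.\n1. Budget update\n2. Lab scheduling\n")
    return m.as_bytes()


if __name__ == "__main__":
    for sample in (invoice_sample, drive_share_sample, benign_sample):
        print(triage(sample()))
```

Note that the Drive notification is sent by Google’s real address, so the sender alone proves nothing; the distinguishing signal is a “file” link that resolves to a Google Form, and the result should feed a human review queue rather than an automatic block.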

“ARE YOU AVAILABLE?” URGENT MESSAGES

An urgent phishing email is designed to get you to act fast. It might tell you that your account was hacked or will be deactivated, or to click a link to restore it. Fear makes people do things without thinking, so it’s important not to act rashly. These messages often begin with a short, casual note such as “Are you available?” that appears to come from a supervisor or executive; once you reply, the conversation turns into a request to purchase gift cards or send money through personal accounts that are not overseen by NEOMED security tools.

NEOMED policy is that you will never be asked to purchase gift cards via email. Legitimate emails regarding your account will come from the NEOMED Help Desk or NEOMED IT personnel. If you ever suspect one of these messages is suspicious, please call the Help Desk at extension 6911.

LOGIN OR PASSWORD MESSAGE

Another type of phishing email asks you to verify your account by logging into a (fake) webpage or updating your credentials. These pages collect your username and password, giving a malicious individual access to your account. Newer fake login pages go a step further: when you enter your credentials, the page forwards them to the real login service, which then sends a genuine multi-factor authentication (MFA) request to your device. If you approve that prompt, you are not completing your own sign-in; you are completing the attacker’s, and they now have access to your NEOMED account. Only approve an MFA prompt for a sign-in you started yourself, and if a prompt arrives unexpectedly, deny it and report it.

REWARD OR FREE GIFT MESSAGE

Free things are enticing, but they can also be dangerous. If you get an email saying you won a free TV or “click here to enter a prize drawing,” be on high alert. Malicious individuals are trying to bait you into clicking a malicious link. If you ever suspect one of these messages is suspicious, please call the Help Desk at extension 6911.

WHEN IN DOUBT, REPORT IT OUT!

If you think you may have encountered a phishing email, the quickest way to report it is to use the “Report Message” button in Outlook. Using this built-in tool will train your inbox to better recognize junk and phishing emails. If you suspect a message to be phishing, under the “Home” or “Message” tabs in Outlook, you can click the “Report Message” button and select “Phishing” from the drop-down menu.

Alternatively, you can forward a phishing email to itsecurity@neomed.edu. Where possible, use Outlook’s “Forward as Attachment” option rather than a plain forward, so that the original message headers reach IT Security intact.

Regardless of the method, the sooner you report a suspected phishing email, the sooner NEOMED IT Security personnel can act on it. There are no consequences to reporting a suspicious email – when in doubt, report it out! And whatever you do, do not click on any links, reply to the email or send it to anyone else.

We sincerely appreciate your vigilance in keeping the University safe and secure! Stay tuned to The Pulse for more articles, tips, and best practices throughout the rest of October.
