Beware: Suspicious emails may be phishing attacks
Employees who receive a suspicious email are urged to avoid opening it and to forward the email to USA Health IT for review.
USA Health employees should be on the lookout for fraudulent emails from recently observed phishing attacks that could pose a threat to our organization’s sensitive information.
A phishing attack, or a phishing scam, is a cybercrime in which an attacker sends a fraudulent email pretending to be someone (such as the CEO of your organization) or something they’re not (Google), in an effort to extract sensitive information from the recipient.
The attacker attempts to create fear, curiosity and/or a sense of urgency to entice the receiver to comply when prompted to open an attachment or provide sensitive information (such as a username, password, or credit card number).
“The senders of the phishing email are not interested in who you are,” said Carrie Pace, assistant chief HIPAA compliance officer for USA Health. “They are casting a net and hoping someone bites.”
Employees who receive a suspicious email are urged to avoid opening it and to forward the email to USA Health IT for review.
USA and USA Health employee email addresses are listed publicly on the directory on the University of South Alabama website. While a public directory is necessary to facilitate legitimate communications, it also can expose employees to unsolicited or unwanted malicious emails.
These are a few types of phishing attacks:
- Spear phishing: A highly targeted form of phishing that focuses on a specific group of individuals (such as payroll personnel, researchers, medical providers) or organizations (such as healthcare organizations, legal representatives).
- Whaling: A form of phishing aimed at administrative or executive level individuals.
- Cloning: A legitimate email is duplicated, but the content is replaced with malicious links or attachments.
Here are some phishing-related statistics:
- It is estimated that 95 percent of targeted attacks against specific organizations began with a targeted spear-phishing email. This means that today, criminals depend on human flaws as much or more than system flaws.
- Frontline staff is targeted two times more than middle management and 1.3 times more than executives. Staff also is thought to be two times more likely to interact with a phishing email.
- An estimated 80 percent of tested business users fail to detect at least one of seven phishing emails. It takes one click on a malicious link to cause reputational and/or financial harm to an organization.
View an example of a phishing email.
