A recent report about internet security threats found that reported breaches increased by 22 percent last year, with the health care industry ranking second to business services in the number of incidents.
The report also found that for the health care industry, one in 4,375 emails were phishing attempts. That number might not sound too bad, but think of the number of emails you receive during a given week. Now think of the number of employees we have. Start to see the scope of the problem?
Phishing is everywhere
Defined as any attempt via email to get a person to reveal confidential data for the purpose of committing fraud, stealing money or trespassing on computer systems, today Phishing is a term synonymous with online fraud.
Over the years, the most common attempts have become cultural in-jokes: the Nigerian prince scam, the Foreign Inheritance trick, the Start-Up-Pay-Off scheme. Unfortunately, not all attempts are so blatant.
According to Augusta University Chief Information Security Officer Walter Ray, the best Phishing scams are the ones that feel “safe.”
“The most sophisticated phishing attempts closely mimic our own login pages,” Ray said. “They use our logo, they use the legal language displayed on all of our pages and they even reference the correct number for our Information Technology (IT) Help Desk.”
According to Ray, in the wake of previous attacks, victims of Phishing scams usually couldn’t pinpoint the moment they’d given away their information.
“People don’t always remember providing their username and password in a phishing attack because nothing stands out to them,” Ray said. “The scam site looks just like the site they’re logging into every day.”
Falling prey to such an attack can be frighteningly simple. But Ray cautions there are ways to avoid becoming a victim.
The first is learning to spot the “hooks.”
“Generally, if you aren’t expecting a link or an attachment from someone, you should always be suspicious of receiving one” Ray said. “One way hackers try to bypass that suspicion is by creating a sense of urgency in the message, saying you’ll lose access if you don’t act or provide your information quickly.”
Another method involves creating a false sense of security, such as posing as a member of the institution using an outside email address for convenience.
“If the link takes you to a non-Augusta University related website, that should be your biggest clue that something is wrong,” Ray said.
The second trick is knowing who to trust.
“No one from the IT Help Desk will ever ask for your login credentials over the phone or via email to help you resolve an issue,” Ray said. “We also don’t use pop up messages telling you to call the Help Desk on any of our webpages.”
The third technique is by far the simplest: be vigilant when inputting your username and password and report suspicious activity by sending an email to email@example.com or firstname.lastname@example.org or by calling the IT Help Desk at 706-721-4000.
“Your password is considered one of the most sensitive pieces of information you’re going to deal with at Augusta University, because that’s your key to the kingdom, so to speak, that’s going to get you access to our systems,” Ray said. “Always maintain a high level of vigilance and report anything suspicious.”