AtlantiCare Information Security Education
Information Security Office, ISO
What Just Happened?
The e-mail you just clicked on was a simulated phishing e-mail, the same kind of e-mail that hackers use to steal information or download malicious software onto your computer. If this had been a real attack, your computer could have been compromised, simply by visiting a webpage. Rest assured that this time, no harm was done. To keep you and your data safe, your organization is periodically sending out these simulated phishing emails to educate users. |
Here are some ways to identify this was a Phishing attempt:
What is Phishing?
Phishing refers to sending an e-mail which tricks someone into clicking on a link or opening an attachment. The end goal of phishing is to steal valuable information, such as usernames and passwords.
Why Are We Sending Simulated Phishing Emails?
These tests are designed to help you. The lessons learned apply not only to work but to your personal life. If you have any more questions on what phishing attacks are, or on security in general, feel free to contact your Information Security Office (ISO) for more information.
Why Should You Care?
Clicking on links in phishing e-mails, or filling in confidential information on malicious websites, can put your data at risk - not only the company's but also your personal data. Through phishing emails, attackers can gain access to confidential company data, steal money from your bank accounts, and steal your identity.
What's Safe To Do, And What Isn't?
There is very little risk in simply opening e-mails. In almost all cases, opening an e-mail will not result in compromise.
The risk is in clicking on links or opening attachments. Attackers can e-mail you infected attachments which install malicious software, or "malware" for short. Clicking on a link can take you to a website which steals login or other valuable information. The website could also install malware on your machine without your knowledge.
How Can You Spot a Phishing E-Mail?
Phishing emails can be hard to recognize, and every phishing e-mail is different. Here are some telltale signs:
- Bad spelling and grammar: Simple phishing emails are often poorly written. If the content of the e-mail doesn't line up with what you'd expect from the sender, beware!
- Deceptive links: Move your mouse over any of the links in the e-mail, without clicking. You should see the address where the link will take you. If it's an e-mail from your bank, but the link doesn't display your bank's website, don't click.
- Sense of urgency: Is the e-mail claiming that you were charged an extraordinary amount on your cell phone bill, or telling you your e-mail account has been suspended? Be careful - somebody may want to push your buttons so you click on a malicious link. When in doubt, pick up the phone.
- No name in e-mail: Is an e-mail starting with Dear Customer but not including your real name? Chances are the fraudster doesn't even know who this e-mail account belongs to. Don't click.
- If you receive any "phishy" emails, please contact the Information Security Help desk at 609-569-7070 asking for next steps.