
Case Study 2: Phishing Awareness and Security

Posted by on Thursday, October 8, 2015 in News.

This is the second of a series of case studies to be released during October for National Cybersecurity Awareness Month. Vanderbilt IT will publish new case studies Mondays and Thursdays throughout the month.

The healthcare industry has become a large target for phishing because of the amount of accessible data.

In April 2015, Seton Healthcare Family, a part of Ascension health, sent out emails to more than 39,000 patients to inform them that their personal information had been compromised due to a data breach. The data, which included patient addresses, insurance information, Social Security numbers, medical records and credit card information, was compromised due to a phishing email sent to the organization’s employees.

What is Phishing?
Phishing is the act of sending emails to a group of individuals in order to gain proprietary information. The emails are designed to trick the recipients into clicking on a link that directs them to a spoofed (fake) website. The fake website then requests personal information, such as name, email, password, username, address and bank information. That information is later used to gain access to data within a network, to send more phishing e-mails from what appears to be a sender within the organization, or to gather further personal information for financial gain.

The best practice in phishing prevention is awareness. It is essential to know what to look for and how to report it to the appropriate parties so that Vanderbilt IT can block the URL on the Vanderbilt network.

Ways to Spot a Phishing Email

  1. Check the sender’s email address to see if it is a Vanderbilt employee. A phish will usually be generated from external sources.
  2. Check the spelling and grammar. Most phishing emails originate from a foreign country or are created hastily. Notice the grammar and spelling mistakes in the excerpts below from recent phishing attempts on Vanderbilt:

“We currently upgraded to Saver to 50GB inbox space. Please log-in to your user account to validate E-space.”

“Discarding this notification, your email account will be blocked within 24hours of getting this notification, you will be denied access to your account.”

“Regards to your e-mail service provider, IT SERVICE CENTER detect a virus which has been send to Our webmail users this virus Trojan Horse and Emails worms contains harmful effect destroying certain files on your hard disk and causing the attachment to be re-mailed to everyone in your address book soon your email may begin to lose some important features such as your incoming messages, spam and other folders.”

  3. Check the web address of the link, but do not click and go to the site. This is usually the best way to determine if it is an actual Vanderbilt page.
  4. Most phishing sites will not hide the password characters when a user is logging in.
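Checks 1 and 3 above (who the message is really from, and where each link really points) can be applied to a raw message without ever visiting the link. The script below is an added example, not Vanderbilt IT's tooling; the internal domain list and the sample message are constructed here, and the message borrows wording from the excerpts quoted above.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

INTERNAL_DOMAINS = {"vanderbilt.edu"}  # assumption: the organisation's own domains

# Constructed sample message in the style of the excerpts quoted above.
SAMPLE_EMAIL = """\
From: IT SERVICE CENTER <helpdesk@mail-upgrade.example>
Content-Type: text/html

<p>Please <a href="http://login.example/validate">log-in to your account</a>
to validate E-space, or visit <a href="http://vanderbilt.edu.example/">vanderbilt.edu</a>.</p>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags; nothing is fetched."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _is_internal(host):
    host = (host or "").lower()  # true when host is, or is under, an internal domain
    return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)

def triage(raw):
    """Return warnings from the sender check and the link check; [] means none fired."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    warnings = []
    if not _is_internal(addr.rpartition("@")[2]):  # check 1: external sender
        warnings.append(f"external sender: {addr}")
    collector = _LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:  # check 3: where the link really goes
        host = urlparse(href).hostname
        if not _is_internal(host):
            warnings.append(f"link to non-internal host {host!r} (shown as {text!r})")
    return warnings
```

Note that the second link displays "vanderbilt.edu" but resolves to a different host, which is exactly the case check 3 is meant to catch; a matching display name is not evidence that a link is internal.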

What to Do When You Receive a Phishing Email

  1. Call the help desk to report the suspicious e-mail.
  2. If you clicked the link, do not enter any information on the website, and run a virus scan on the computer the website was accessed from.
  3. Delete the message after it has been reported, and remove it from the deleted items folder.
  4. If you enter your information on a strange site, change your ePassword immediately and contact your support provider for assistance.

Phishing is one of the easiest ways for attackers to obtain information and will continue to be a persistent threat. If you notice a suspicious email, please report it to the help desk as soon as possible.

Remember, VUIT will never ask you for your credentials. If you are ever in doubt, always ask before clicking.