Please do your part! Stay informed about cybersecurity to protect yourself, our patients, and SolutionHealth.
There are many scams that are designed to trick email users into divulging sensitive information. That includes spoofing, the act of disguising a communication from an unknown source as being from a known, trusted source.
Beware of Emails Spoofing Our Domain
While we have many tools in place to try and prevent access to our network, it is possible for an attacker to spoof one of our domains. If they do this successfully, it will not trigger the “External” warning banner at the top of the email. These attempts have been seen in our environment, typically claiming to be from IT and that the recipient must click a link to validate their account. Please note that the IT department will never do this.
Beware of Emails Impersonating Leadership
Another common phishing tactic is to try and impersonate someone of importance within the organization and trying to pressure users into either divulging information or performing “quick favors.” These can range from buying gift cards and sending the activation codes via email, to updating an executive’s direct deposit information to a new bank account. If you receive requests like these, never hesitate to report them—the Security team will review and respond as quickly as possible.
This email is an example of a phishing attempt. A link inside the email brings recipients to a fake Outlook login page designed to steal your username and password credentials. There are some “red flags” that will help you spot this scam:
- The sender’s address is not from a SolutionHealth, SNHH, or EHS email domain.
- In the body of the message, the external warning banner is displayed. For SNHH users, the banner will be yellow, for EHS it will be blue (see examples below).
- If you hover over the link in the email, it is not what it claims to be.
- Language in the message tries to pressure the recipient into complying by stating there is a hard deadline.
- There are multiple spelling and grammar errors throughout the message.
- The message closes with a signature that contains no last name and no contact information (and our HR Director’s name is not Dawn)
When in doubt, report the suspicious message.
If you receive an unexpected email that pressures you to click a link, open an attachment, or provide sensitive information, use the Phish Alert. The Security team monitors these messages and will let you know if the message was malicious or send it back with the “all clear” if it is legitimate.
Did this email come from within SolutionHealth?
If an email came from outside of our network, it will come with an external warning banner. Not having the banner is not a guarantee of legitimacy, but anything external and from an unknown sender should always be treated with caution.
Questions? We are here to help!
Ashley Guerrier, Security Analyst
Dylan Myers, Security Engineer