A Matter of Your Personal Security Phishing

Beware of Phishing s Several employees received an that looked legitimate, as if it was being sent directly from Christiana Care. Those employees clicked on the link within the , which unintentionally gave the hacker their network login information. Consequently, the hacker was able to access their Workday account and change their direct deposit information. As a result, their bi-weekly pay was directed to the bogus bank account. Don’t let this happen to you! Listen to what happened to several of your colleagues:

What is “Phishing?” An attempt to acquire sensitive information such as usernames, passwords, and credit card/bank account details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.” -Wikipedia

How do I know if it’s a phishing ? Common characteristics of phishing s: Addressed to a generic or group recipient Appear to be sent from someone known to the receiver or a trusted organization (i.e. CCHS) Convey a sense of urgency, prompting the receiver for immediate action Contain blank To: or Cc: fields Subject line is uninformative and/or doesn’t reflect the content Signature is often vague or generic Prompts you for a username and/or password, or other sensitive information Occasionally includes misspelled words, grammatical errors, or other confusing information

Do’s and Don’ts of Phishing s Click on an unfamiliar link or open an attachment in an from an unknown or untrusted source Provide anyone with your username, password, or any other sensitive account information, even if the message appears to be coming from CCHS Enter private or personal information in a popup window Enter private information on a website without first checking for in the URL and a lock icon DON’T

Do’s and Don’ts of Phishing s Use caution when opening unsolicited messages. Pay special attention to the name of the website. Often times they look very similar and only deviate by 1-3 letters. For example: vs. Hover your mouse pointer over the embedded link, or retype the address in a new browser, to see if it is taking you to where it claims to be. Check the sender’s address to make sure you know the person/organization that sent the message. Review the subject line of the message for suspicious/strange language, or directions to open an attachment or click a link. Report suspicious activity as junk by clicking the “Junk” button on your Outlook toolbar. Use caution when checking your on a mobile device. Consider changing your other passwords (i.e. to your personal accounts) DO

When in doubt… Consider deleting a message if it contains a link or an attachment that you weren't expecting to receive. Be sure that you delete the message without opening the attachment. CCHS will NEVER ask you for your 801# or password for any reason, especially via . Report suspicious activity as junk by clicking the “Junk” button on your Outlook toolbar. Contact the IT Customer Service Center.

What Does This Mean To You? If a hacker has access to your username and password, he also has access to your personal information AND your work information, such as: Date of birth Social Security Number Benefit information Bank account numbers Tax documents Work CCHS systems (i.e. Powerchart) Having access to this sensitive information could put your personal identity and our patients at risk.

This is Phishy! Conveys a sense of urgency Appears to be sent from someone known to the receiver or a trusted organization Signature is vague or generic Prompts to change account information

This is Phishy! Actual link Addressed to a generic group or recipient Conveys a sense of urgency