By Chad Ehmke, Chief Information Officer

The number of phishing attacks has gone up 600% since people have started Shelter In Place (SIP).  It’s very important that we are EXTRA vigilant about our emails at work and at home, because the attackers are trying to take advantage of the fact that we are physically disconnected.  Here are some very scary statistics regarding phishing scams:

  • 94% of malware is delivered via email
  • 65% of attacking groups used spear phishing as the primary infection vector
  • 48% of malicious email attachments are Microsoft Office files (Excel, Word, PowerPoint, etc.)

It’s a very boring but effective way to attack your personal computer or an organization’s computers, because people fall for it all the time.  Here are some phishing techniques people use:

  1. Deactivation scares:  These claim your account will be deactivated unless you follow a link, enter your logon name and password, and take action.  The best way to mitigate this (if you think it’s legitimate) is to contact the company WITHOUT clicking on the link, and check with them.  You can do this by CLOSING the email and typing that company’s web address into your browser yourself.
  2. Go directly to jail:  Phishing scams that use fake FBI warnings for illegal music downloading or watching pornography lead the way.  Fake threats from the IRS for tax return issues are also very successful.   They can also come over the phone.  If someone claiming to be the government is insisting you pay them money immediately, this second, to avoid some horrible consequences, it’s a fake.
  3. Tech Support scams:  These scams claim to be from Microsoft, or from another tech partner.  Their email or website contains official-looking toll-free numbers.  Fraudsters just buy an 800 number and set up an internet messaging service that routes calls wherever they want.  If you call, the ‘technician’ will ask you to install remote access and troubleshooting software.  It just goes downhill from there.  NEVER respond to one of these, always contact me or someone else in IT first!
  4. SEO (Search Engine Optimization) trojans:  One very common phishing scam tricks you into installing malicious software directly from the web by showing up at the top of your search results.  If you have searched for tech support from a vendor, or for a driver, ALWAYS go to the vendor’s own website for technical support you can trust, not to a ‘3rd party’ website that says it can help you solve the issue.
  5. Wire Transfer scams:  In these cases, external scammers will tell you the contact information for transfers has changed, and they will convince A/P to send funds to a fraudulent account.  These seem very legitimate, and have been successful at even the most sophisticated companies (like Google and Microsoft).  NEVER wire money to brand new locations without first verifying the legitimacy of the request and location.
  6. COVID-related scams:  Texts and emails are being sent out mentioning COVID-19 tests (mandatory or voluntary) that will have to be taken before you will be eligible for stimulus money.  These are showing up in text messages, email messages, phone calls, and social media posts.

If you are informed and remain diligent, you can defend your personal computer and our company.  If you ever have a question, do not hesitate to reach out to IT.