***Our company and clients security is in your hands. Be vigilant and report any suspicious emails to IT and we'll use our resources to help verify it for you. As a medical organization, we are a big target that nefarious people are and will attempt to compromise. This is most easily and often accomplished through email fraud.***
Types of email attacks Outlook users need to be aware of:
1. Malware through spam emails
One of the most common ways hackers compromise email accounts and servers is by sending Malware through a spam email. What happens, is that the hacker will send you an email with an attachment or a link to install software. They do this by either sending the email through an address they created to resemble a legitimate address you are familiar with, or by spoofing an address you are already familiar with. To mitigate this issue, always check the sender address before going to any link or downloading anything you are provided. It also never hurts to call the sender to verify. Do not send an email back until after calling and confirming that it is a legitimate email, as it's possible the hacker has taken over their account.
Remember-- If you get an email immediately requesting you pay them, sign something, or open a file, your first thought should be suspicion. If someone on the street demands money, a signature, medical documents, or a social security number, do you give it to them? No. Because that's not how conversations go. Emails are no different. If a stranger demands something in your first interaction, chances are they're not there to help.
2. Credential theft
Many hackers attempt to get your private information (such as passwords), by pretending to be different services. For example, you may receive an email that appears to from Microsoft that request you log into your account through a link. You would then follow that link, to find a login request. After trying to log in, it rejects your information every time as it is not a real login but instead an attempt to record the information you unknowingly provided. The hacker will then have your login information.
Since our company offers Multi-factor Authentication (MFA), in our case Authenticator, so that you need to accept a notification every time you log in, the chances of a hacker being able to get in is very slim. However other services do not have that luxury, and even MFA can get compromised.
No vendor should be sending links to login requests since this is such a common issue. If they do however, do not click on the link, but instead log in by going to the website. In the case of Microsoft making a request, just go to office.com and log in there.
3. Business Email Compromise (BEC)-- aka 'CEO fraud'
In this compromise, a hacker will attempt to gain information regarding the details to a contract or payment, and use that to steal money or important financial data. They gain this information by patiently studying the victim's activity (social media, habits, recent events). Once they have details about the contract or payment, they may send a bill (like a deposit), to the victim through a highly realistic email. Once they have what they want, they will disappear.
To fight this, make sure you are aware of the email addresses you are communicating with, and verify with the sender that they did in fact send that email before providing any sensitive information or money.