You started out your day as you normally do with your cup of coffee and a moment to catch up on email before your day gets going, when you see a message in your inbox from someone in Management. You open the email and read a request that is unusual (asking for your username and password, or Credit Card information (Pro Card, Personal, etc.) from a manager that you don’t directly report to, but you think “Hey, I’m a team player! Of course I want to help Madam Manager out!”. That instinct – that desire to help someone – that is what makes you a great person to be on a team. BUT…stop and ask yourself – WHY is this request coming to you at all?!? That pause can mean the difference between a safe and a compromised account.
If it feels like we’re spending a lot of time talking about Phishing, it’s because we ARE! Scams are not new, but the methods that bad actors are using to implement them are only going to get more sophisticated. Phishing (email) Vishing (voice mail) Smishing (text messages) are prevalent. They tap in our human nature – our willingness to help and to be a team player. Human nature – gets you every time!! Here at UMPO, we have tools in place to block and remove an overwhelming number of phishes before they even get to your inbox – but tools are only as smart as they’re tuned and configured to be. That’s why the REPORT PHISH button is so important. Our implemented tools automatically analyze the message for malicious content (bad links, imbedded technology, etc.,) and will help block future messages before they reach anyone else’s inbox.
So – what are the take aways here?
- SLOW DOWN! Your instinct to help is great! But slow down…nobody - repeat NOBODY should be asking you for ANYTHING that would require your log in credentials or financial information. If they are…something is wrong.
- Verify THEN Trust: If a message is coming from someone you don’t normally hear from, confirm the request by another method:
- Slack them
- Send a NEW email – not a reply
If the request is legitimate, they will confirm it! Better to be SAFE then compromised.
- Look for the EXTERNAL SENDER message bar. If the message is ‘supposed’ to be coming from internal to the President’s office, this bar will not be there.
- Finally - If it looks suspicious – click the Report PHISH button. You want to be a team player? This is the BEST way to be that!
There will be more Phishing Campaigns in the future – and I can promise you – we’re not going to make them easier. We want you and all of us here at UMPO to keep each other safe.
Thanks, from the Information Security team!
Danny Galvin, Nick Bonczyk, Iris Lyons