You get an email from what looks like a WCM account. At first glance, it looks harmless enough, but then you start noticing something’s… odd. The spelling and grammar seem to be off, links look suspicious, or you’re even asked to provide some confidential information.
If your “spider sense” starts tingling, you’re probably dealing with a phishing attempt. Phishing is when an attacker sends emails with the intent of tricking you into clicking a malicious link, or providing sensitive information, like Social Security Numbers, credit card numbers, or passwords.
ITS works to prevent millions of attempts from reaching your WCM inbox each month, but, occasionally, a few manage to slip through. Here’s what you can do to protect your account.
Hey, this email seems phishy. What should I do?
There are lots of telltale signs that an email you’ve received is a phishing attempt. Check out the video below on how to spot a scam. If you are even slightly suspicious of an email you’ve received, don’t hesitate to send it as an attachment to spam@med.cornell.edu.
Oops, I accidentally clicked on a link or provided important information! What should I do?
Don’t panic. Immediately forward the email as an attachment to spam@med.cornell.edu or call the Service Desk at 212-746-4878 and explain the situation. ITS can then take the necessary steps to secure your accounts. If ITS detects that you may have fallen victim to a phishing email, we may take appropriate action to restrict access to your account, such as requiring a password change or using Duo.
Put your detective skills to the test
Over the next several months, ITS will be sending out phishing campaigns to @med.cornell.edu addresses. This will give you first-hand experience on what a phishing email looks like and what you should do if you receive one, in a safe and controlled environment. When you receive an email you suspect is a phishing attempt, you should not delete or ignore it. Instead, please forward the email as an attachment to spam@med.cornell.edu. If you click on the link in a phishing email sent as part of this program, you will be re-directed to our phishing awareness website for some helpful tips.
Get your office involved
Make sure your colleagues know where they can go if they suspect they’re being phished. ITS has set up its own webpage – phish.weill.cornell.edu – as a resource. Plus, you can also download some snazzy posters for your desk or office space at the bottom of our phishing page.
