Last week, ITS conducted an internal phishing exercise in order to gauge how well-prepared Weill Cornell Medicine is for an actual phishing attack, as well as to help educate anyone who may have fallen for the phishing attempt on how to avoid doing so in the future.
Below is the email that was sent to everyone at WCM:
How do I report suspicious emails to ITS?
Tagged devices, including smartphones and tablets, now have Phish Alarm available when using Outlook or the Outlook mobile app. Depending on which version of Outlook you are using, you’ll see a button or dropdown menu with three dots when you open an email that prompts you to Report Phish:
While our spam filter blocks thousands of spam and nefarious messages daily, a few may occasionally be delivered to your inbox. You can report suspicious emails by clicking the Report Email to ITS Security button in Outlook. ITS will review your submission and send an email back to you confirming whether or not the email is spam or malicious in nature. Note that anyone at WCM is subject to phishing, so if you are even remotely suspicious of an email, it's best to err on the side of caution and report it to ITS for further investigation. Your submissions help to block similar messages in the future.
Not using Outlook for your email?
If you’re not using Outlook as your email application, you can still submit suspicious emails to ITS by composing a new email to spam@med.cornell.edu and dragging the suspicious email into the body of the new message – which will attach the suspicious message – before sending it. Please note that you must attach the original email; simply forwarding the email does not include the original message headers (the tracking information to show where an email actually came from), which is necessary for analysis and preventing similar messages from reaching your inbox in the future.
More information on Internet Safety and Fraud Protection