June 25, 2025
ITS is asking the WCM community to be vigilant about a potential surge of new cybersecurity attacks targeting staff at various organizations, including healthcare organizations. A group of hackers known as Scattered Spider have been using social engineering techniques to gain access to sensitive information across multiple companies in the US. Their tactics include, but are not limited to:
- Highly customized SMS text messages sent directly to employee phones:
- Example: Attention: Your Smart Service Desk Ticket has been modified, to view changes, please visit: hxxps://login.<redacted>.com/ticket/5752. This SMS was sent based on information provided by your employer’s Human Resources Department.
- Phone calls directly to employees
- Reaching out to IT staff through social media
- SIM card swapping
- Highly customized phishing pages designed to match target organization (expect the domain name to appear as: https://sso-(something related to WCM or NYP).com/)
How to protect your data
- Contact ITS to report any suspicious messages in your WCM email account. Use the Phish Alarm feature in Outlook or click on the “Report Suspicious” button at the top of external emails to send messages to ITS Security for analysis.
- Message its-security@med.cornell.edu to report suspicious text messages or phone calls purporting to come from ITS or a WCM colleague. Provide as much information as you can to help ITS identify whether it is a phishing attempt, such as screenshots, the number it came from, what time you received it, etc.
- Be mindful of clicking on unknown links. You can hover over a suspicious link with your cursor to preview the URL before you click it.
- Be suspicious of any unsolicited messages urging you to act immediately and provide personal details. Many scammers use fear to extract personal information from their targets. When in doubt, contact ITS for help at the information listed below.
And remember: ITS staff will never ask for your password!