Last week UC Davis reported that it was hit by a phishing scam in May. An employee at UC Davis Health received an email he or she thought was legitimate, clicked on a link in the email, and opened up UC Davis to a security risk. Fortunately the employee didn’t work with patient records, so it doesn’t appear that sensitive patient information was stolen. Still, 15,000 patients were potentially affected and were notified by UC Davis.

How does phishing work?

You might receive a fraudulent email that looks authentic and causes you some concern. Often the email will appear to be from your bank, PayPal, or Facebook, and it probably contains language like “Your account may have been compromised” or “We were unable to process your payment.” In order to solve the problem, you click on the link in the email.

Once the link is clicked, it may launch malware on your local computer and attempt to compromise the company’s entire network. Or it may take you to a site that asks for your account number and password, then steal that info if you enter it. It’s possible you may not even know you’ve been hacked by a phishing scam until later.

What can you do to protect yourself?

If you receive an alarming email about an account, don’t click on any links in the message. If the email says it’s from PayPal, then type www.paypal.com in your browser URL field and log in like you normally do. If your account doesn’t have any alerts for you after you log in, then it’s probably a scam email. You should immediately forward that email to spoof@paypal.com. Follow these same steps if the email appears to be from your bank. By typing the site’s real address into your browser field (or calling them on the phone), you’re bypassing the phishing scam’s method of capturing your info.

Other important tips: Keep your antivirus software current on all your computers. Don’t respond to emails that ask for money or payments. And make sure your employees know how to avoid being targeted by phishing scams.

