Vanderbilt issues warning about email spoofing, phishing attacks

Register now

A warning has been issued to the staff at Vanderbilt University Medical Center about email spoofing and phishing attacks.

The Nashville, Tenn.-based healthcare organization’s enterprise cybersecurity unit has detected phishing emails being sent using stolen or falsified names of employees to lure their colleagues into unknowingly engaging in fraudulent financial activity. In fact, it’s become almost a daily occurrence for someone at Vanderbilt to receive a phishing email, according to the unit.

“A recent example uses an employee’s name in an email to a colleague to encourage the recipient to quickly purchase and send along check cards,” states an announcement from the medical center. “The email usually comes from a phony email address that may only be one or two characters different from the real account, or it can come from a real account that has already been compromised.”

VUMC noted that since 2016 the volume of phishing emails has increased in the top five targeted industries—including healthcare—by about a third.

Also See: Data of 1.4M UnityPoint Health patients at risk after phishing attack

The cybersecurity unit offers some best practices for helping to identify an email phishing attempt. In particular, they recommend the following:

  • Never give out your personal information—to anyone.
  • Check embedded links and hovering over the link to see the URL—but don’t click on it. In fact, never click on any links or open any attachments that you are not expecting to receive.
  • Verify the display name of the sender to make sure you recognize it.
  • Check the body of the message to see if it contains mistakes or strange language, threatening or urgent language, as well as check the signature of the message—most professional emails will have a signature line.
  • If you receive an email from someone you know that seems unusual, give them a call to verify they sent it to you before opening it.

“Often, simply looking at the sender’s email address can help you quickly determine if an email is fraudulent,” according to VUMC. “A phish is made to look like a legitimate email, be it from a friend, a business or even an organization.”

For reprint and licensing requests for this article, click here.