By Kelli Ogunlesi, HIPAAwise Success Manager

Phishing is a scheme that uses fraudulent email messages, designed to impersonate a legitimate organization or person. These messages are designed to trick the recipient into downloading harmful attachments or divulging sensitive information such as passwords, bank account numbers, and Social Security numbers. Over 90% of data breaches today can be traced back to a phishing attack.

What to look for:
  • Communications or forms requesting sensitive data, like passwords or bank account information
  • Language or imagery that creates a sense of urgency
  • Information that evokes strong emotions, like greed or fear
  • Messages that contain links or language that do not appear to match legitimate resources for the organization contacting you
  • Pay attention to website URLs. Malicious sites will try to mimic the legitimate site, but the URL may have a different spelling, a different domain (for example, .net instead of .com), or something may just seem off. Trust your instincts and when in doubt, always report it!
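
For a security team triaging reported messages, the URL checks in the last bullet (different spelling, different domain) can be automated. The Python below is an added example, not part of the original post; the trusted domain list, the sample links, and the two-edit spelling threshold are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the organization's legitimate domains (constructed sample values).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(url):
    """Last two hostname labels (simplification: ignores suffixes like .co.uk)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify_link(url, trusted=TRUSTED_DOMAINS, max_typos=2):
    """Return 'trusted', 'lookalike-tld', 'lookalike-spelling' or 'unknown'."""
    domain = registered_domain(url)
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    pairs = [good.rpartition(".") for good in sorted(trusted)]
    # Same name under a different top-level domain (.net instead of .com).
    if any(name == good_name and tld != good_tld for good_name, _, good_tld in pairs):
        return "lookalike-tld"
    # Name within a few character edits of a trusted one (examp1e vs example).
    if any(0 < edit_distance(name, good_name) <= max_typos for good_name, _, _ in pairs):
        return "lookalike-spelling"
    return "unknown"

def flag_links(urls):
    """Map each URL that is not trusted to its classification, for reporting."""
    return {u: c for u in urls if (c := classify_link(u)) != "trusted"}

if __name__ == "__main__":
    # Constructed sample links, as they might be extracted from a reported email.
    sample = ["https://www.example.com/login", "https://example.net/login",
              "https://examp1e.com/reset", "https://example.com.portal-login.net/"]
    for url, verdict in flag_links(sample).items():
        print(f"{verdict:20} {url}")
```

The last sample link shows why the check uses the end of the hostname: a trusted name placed in front of another domain does not make the link trusted, so it is reported as unknown for a person to review.
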

What to do if you suspect malicious activity:

If you suspect that you are receiving malicious communication at your work email address that appears to be coming from a known sender, your first instinct may be to either ignore or delete the suspicious emails. Please do not delete the email; instead, report it to your security team.