Phishing Email Summary
A variety of phishing emails targeting health care providers, the public health sector, and other healthcare related organizations and their data.
These phish attempt to trick the recipient into following links that download malware and ransomware, often in the form of infected MS Office documents. They try to create a sense of urgency to trick the recipient into clicking by mentioning important job-related changes or time-sensitive workplace information. Common false claims in these phish include:
- Changes in the recipient's salary, awards of bonuses, or offers of other workplace financial incentives.
- Requests to participate in employee surveys.
- Requests to review work-related documents prior to upcoming meetings.
- Requests to view documents related to employee complaints.
- Changes to employment status, including dismissal from employment.
Some versions of this phish are branded with the company name One Medical, others use signatures claiming to be from "payroll assistant" or "accountant" to make email look more official.
How to Protect Yourself and U-M
If you are ever suspicious about an email message, report the message using the directions in Phishing & Suspicious Email.
Be wary of unexpected email or email attachments.
- If the email is unexpected and from a known person, unit, or organization, contact the sender via a different email (not a reply!) or by phone to see if they really sent the unexpected email. If they say they did not send it, report the email.
- If the email is from an unknown person or company and seems suspicious, report it.
Do not download or open unexpected docs or attachments. In particular, be cautious of:
- Unexpected MS Office docs which can contain dangerous code in their macros. See Office Doc Dangers: Macros & Enabled Content Pose Risks for more details.
- Zip files or other compressed files.
- Any file that is a program, executable, or script.
Check links before clicking them. Hover over all links and look at the URL before clicking. If a link seems to point to something other than what is claimed in the email, do not click it, report that email.
