1. News
  2. Look out for sophisticated cyberattacks, including emails, messages, and phone calls

Look out for sophisticated cyberattacks, including emails, messages, and phone calls

There has been a series of phishing and social engineering attacks recently targeting organizations including healthcare establishments. We have seen a significant increase in sophisticated social engineering attacks recently, and we want to remind everyone to stay vigilant and be proactive in safeguarding our personal and professional information.

What are Social Engineering Attacks?

Unlike phishing attacks, which are deceptive emails, messages, or websites that appear legitimate to steal your sensitive information, social engineering involves gaining the trust of an individual via phone, chats, or messaging so that they unwittingly divulge confidential information.

Here is how to safeguard yourself and our organization from these dangerous attacks:

  1. Be Cautious with Links: Hover over links to see the actual URL before clicking. If the link looks suspicious or unfamiliar, do not click on it. If you cannot see the links on your smartphone, ignore the message and links till you can verify.
  2. Verify the Source: Always check the sender’s email address and look for inconsistencies or unusual requests. Do not click on links or download attachments if something seems off.
  3. Keep Your Information Private: Never share your account information, passwords, or personal details through email or messages. The University of Rochester, URMC, or UR Medicine will never ask for your password via email.
  4. Report Suspicious Activity: If you receive a suspicious email or message, report it immediately to the University IT Help Desk (585-275-2000), ISD Service Desk (585-275-3200) or forward the email as an attachment to abuse@rochester.edu.
  5. Use Strong Passwords: Ensure each account has strong and unique passwords. Consider using a password manager to keep track of them securely.
  6. Be Skeptical of Unsolicited Requests: Be wary of unsolicited requests for information, whether they come via email, phone, or in person. Verify the identity of the requester through official channels before providing any information.
  7. Educate Yourself and Others: Stay informed about common social engineering tactics, such as pretexting, baiting, and tailgating. Share this knowledge with colleagues to help them recognize and avoid these threats.

We can collectively protect our digital environment and personal information by staying vigilant and following these best practices. Thank you for your attention to this important matter and for your continued commitment to cybersecurity.

University IT

URMC Information Security Office

URMC Information Systems Division

URMC Privacy Office