Recently, a phishing email made it into the system at Loma Linda University Health.
Unfortunately, a few people clicked the link in this malicious email. The link took each user to a website that convinced him or her to enter a username and password. The phishers then used this information to gain control of the user’s email account through our Webmail application.
The phishers then unleashed a massive storm of spam email that went out on the internet. Other email systems saw this storm of spam mail coming from Loma Linda University Health and, in an automated process, blocked all email coming from the organization. This led to the @llu.edu email domain being put on several blacklists. Many companies and institutions follow these blacklists and use them to help protect their own email users. Once this happens, the email flow comes to a halt and many outbound emails are not delivered to intended recipients. Getting an email domain removed from the blacklist is a long and tedious process that can take several days.
How can you spot malicious email?
There are usually a few small things that show up in a malicious email to give it away. Often there will be poor English grammar and/or spelling mistakes. Often there will be an overt attempt to make you think it is a legitimate email; there will be copyright statements or a signature line that says it is from Microsoft or another legitimate-sounding company.
Often the malicious email will have a call to action that claims dire results if you fail to comply. These are statements such as, “Click here to update your account or it will be deleted.”
Loma Linda University Health will never send out an email that threatens account deactivation if you fail to comply.
Loma Linda makes every effort to not include clickable links when sending emails about passwords or accounts. Occasionally there will be a link in an email, but it will be thoroughly explained.
Please only change your password by going to the Swap system, found at the MyLLU portal.
If an email has a link in it, think twice, be smart; don’t just click it because it is there. Think about what the link is supposed to be doing. Does it say to change your password? Again, Loma Linda University Health does not do that.
Skeptical hover
When it comes to following links in your email, you need to be a link skeptic. Many of the scams and viruses on the internet today are pushed out through links in emails that appear to be legitimate but are in fact carefully crafted to fool most users. This is done with the help of the markup language of web pages (HTML), which allows links to show up as words instead of complicated internet addresses.
For example, a link can be displayed as MyLLU or as its URL, https://myllu.llu.edu/home/students/.
The first one is easier to read and has more meaning to the user visiting a web page.
But any words at all can be used to fool users about the link those words actually point to, such as “Click here for free cash.”
In most modern browsers, you can hover your mouse over the words of a link, and the browser will display the true destination of the link in the lower left corner of the window.
A real-life example of a link not going where you would expect was found in a legitimate-looking PDF: the link goes to a copy of the Adobe website that asks for your login credentials. Always check the URL of a website. The same thing could happen with websites trying to steal your banking information and other important information.
Educate yourself
Knowledge is a powerful thing; the more you know, the safer you can be. Here are a few links to sites that can help explain the threats and teach how to detect and avoid them. If nothing else, please take the quizzes so you can have some practical experience spotting scams.
Phishing quizzes:
• https://www.opendns.com/phishing-quiz/
• http://www.sonicwall.com/furl/phishing/
Explanation of phishing and identity theft from the federal government:
• http://www.consumer.ftc.gov/articles/0003-phishing
• http://www.consumer.ftc.gov/features/feature-0014-identity-theft