Simulated Phishing Test

WHOOPS!

Looks like you clicked a suspicious link

Don't Worry

This was just a test, run in coordination with the Excelsior Springs Hospital IT Department, to see how many people would click the link.

This is how Phishing Attacks Happen

Learn More

See How You Can Protect Yourself From Phishing

What Is Phishing?

Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information -- such as credit card numbers, bank information, or passwords -- on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website. - Microsoft

 

What To Look For

Here are some ways Microsoft suggests to recognize a phishing email:

  • Urgent call to action or threats - Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.

    Tip: Whenever you see a message calling for immediate action take a moment, pause, and look carefully at the message. Are you sure it's real? Slow down and be safe.
     

  • First-time or infrequent senders - While it's not unusual to receive an email from someone for the first time, especially if they are outside your organization, this can be a sign of phishing. When you get an email from somebody you don't recognize, or that Outlook identifies as a new sender, take a moment to examine it extra carefully before you proceed.
     

  • Spelling and bad grammar - Professional companies and organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate in an attempt to evade filters that try to block these attacks.
     

  • Generic greetings - An organization that works with you should know your name and these days it's easy to personalize an email. If the email starts with a generic "Dear sir or madam" that's a warning sign that it might not really be your bank or shopping site.
     

  • Mismatched email domains - If the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like Gmail.com or microsoftsupport.ru, it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name, like micros0ft.com, where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and an "n". These are common tricks of scammers.
     

  • Suspicious links or unexpected attachments - If you suspect that an email message is a scam, don't open any links or attachments that you see. Instead, hover your mouse over, but don't click, the link to see if the address matches the link that was typed in the message. In the following example, resting the mouse over the link reveals the real web address in the box with the yellow background. Note that the string of numbers looks nothing like the company's web address.
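
For IT staff, the domain and link checks in the last two bullets can be automated. The Python below is an added example, not part of the original page or of Microsoft's guidance; the TRUSTED list, the function names and the sample message body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com"}  # assumption: domains your organisation expects

def skeleton(d):  # undo the swaps the text names: "0" for "o", "rn" for "m"
    return d.replace("0", "o").replace("rn", "m")

def under(d, parent):  # d is parent itself or one of its subdomains
    return d == parent or d.endswith("." + parent)

def check_domain(domain):
    d = domain.lower().rstrip(".")
    if any(under(d, t) for t in TRUSTED):
        return "ok"
    spoof = any(under(skeleton(d), skeleton(t)) for t in TRUSTED)
    return "lookalike" if spoof else "untrusted"

def audit_link(text, href):
    host = (urlsplit(href).hostname or "").lower()
    # A purely numeric host is the "string of numbers" case from the text.
    verdict = "ip-literal" if re.fullmatch(r"[0-9.]+", host) else check_domain(host)
    reasons = [] if verdict == "ok" else [verdict + "-host"]
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and not under(host, shown.group(1)):
        reasons.append("text-href-mismatch")  # what hovering would reveal
    return host, reasons

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.findings.append(audit_link("".join(self.text).strip(), self.href))
            self.href = None

def audit_html(body):
    parser = LinkAudit()
    parser.feed(body)
    return parser.findings

SAMPLE = ('<a href="http://192.0.2.10/login">https://www.microsoft.com/account</a> '
          '<a href="https://login.rnicrosoft.com/">Sign in</a> '
          '<a href="https://support.microsoft.com/help">support.microsoft.com</a>')  # constructed
```

Calling audit_html(SAMPLE) returns one (host, reasons) pair per link; an empty reasons list means neither check fired.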

What To Do

Report a suspected phishing scam

  • Microsoft 365 Outlook - With the suspicious message selected, choose Report message from the ribbon and then select Phishing. This is the fastest way to report it and remove the message from your Inbox, and it will help us improve our filters so that you see fewer of these messages in the future. For more information see Use the Report Message add-in.

  • Outlook.com - Select the check box next to the suspicious message in your Outlook.com inbox. Select the arrow next to Junk, and then select Phishing.

  • Forward to your IT Department Immediately

If you’re on a suspicious website:

  • While you’re on a suspicious site in Microsoft Edge, select the Settings and More (…) icon towards the top right corner of the window, then Help and feedback > Report unsafe site.

  • Tip: ALT+F will open the Settings and More menu.

  • For more information see Securely browse the web in Microsoft Edge.

What to do if you think you've been successfully phished

If you're suspicious that you may have inadvertently fallen for a phishing attack there are a few things you should do. 

  • While it's fresh in your mind write down as many details of the attack as you can recall. In particular try to note any information such as usernames, account numbers, or passwords you may have shared.

  • IMMEDIATELY NOTIFY IT SUPPORT folks at your work of the possible attack. If you shared information about your credit cards or bank accounts you may want to contact those companies as well to alert them to possible fraud.

  • Immediately change the passwords on those affected accounts, and anywhere else that you might use the same password. While you're changing passwords you should create unique passwords for each account, and you might want to see Create and use strong passwords.

  • Confirm that you have multifactor authentication (also known as two-step verification) turned on for every account you can. See What is: Multifactor authentication

For Questions about this test or to learn more about Excelsior Springs Hospital's Cyber Security Policies
Contact Angela Riley - ariley@esmc.org

Thank You For Your Help Securing Your Company's Data and Information!