Phishing Emails
Important Notice
If you are reading this page because you believe that you may have inadvertently disclosed your username and password to a 3rd party due to a phishing email, please immediately contact the Service Desk on 03333 055 622.
Introduction
Email phishing and associated malware are a part of life these days. Despite our best efforts and various technologies used to stop these getting to your inbox, you will from time to time receive email from malicious parties whose aim is to get yo you enter your username and password into a website that they control, so that they can use your account for their own purposes.
It is important to arm yourself with healthy scepticism when receiving emails that encourage you open unexpected attachments or go to websites that will ask you to enter your username and password. The emails are increasingly sophisticated and frequently look and feel like something you would receive from Microsoft or other big vendors.
How do I recongnise these emails?
It can be difficult to do so, but here are some tips:
- Are you expecting the email from the sender? Or the attached file?
- Does the email address align with what you expect? Some scammers like to swap around letters close to eachother so that it looks like the real address, but isn't (for example: dentexhealth.co.uk vs dentexheatlh.co.uk)
- Is there an unexpected request to transfer funds, or change payment details for something?
- Does it say something like 'Dear firstname.lastname' in the body of the email? This suggests the sender doesn't actually know who you are, and have taken the first part of your email address and used it as your name in the greeting.
We have also enabled some warning straplines in email to confirm when an email is being sent from outside the business. These will help to understand if the email is legitimate. For example:
- You receive an email supposedly from a member of staff, but it is marked with 'CAUTION: External email'. This will indicate that the email was sent from outside the company, and could be someone attempting to impersonate a member of staff.
A common approach is to send an email saying that you have a voicemail to retreive. An example is reproduced below:
- The first thing that will help you to identify this as a phishing email is the 'CAUTION: External email' notification - the voicemail service is an internal email, and will never be marked with this.
- The sender of the email is a randomly generated address (9khodpqbzb@voip.0365messagecenter.com) that looks like it might be legitimate, but is not.
- The 'message' is a web page, which will redirect you to enter your username and password instead of being an audio file that you can play
For example, a real voicemail message from Dentex will look like:
- The email is internal, with no CAUTION strapline
- The sender is also internal "Dentex PBX Server", with a @dentex.health email address
- The attachment is an audio file that you can play directly from the email without having to log in
- The 'To:' line in the body of the email will reference your extension number directly
I'm still not sure, what can I do?
If you think an email is suspicious, but aren't sure, you can always contact the Service Desk who will be more than happy to check it out for you. The details for contacting the Service Desk are below.
I think I've clicked on a phishing email and entered my credentials
It is vitally important that you contact the Service Desk as soon as possible. In some cases, accounts have been compromised just minutes after the details have been entered into the malicious website, so it is important to notify us immediately. The details for contacting the Service Desk are below.
What else can I do to protect my account?
If you handle sensitive data on a daily basis or if you are concerned about your account being compromised, we strongly recommend that you enable multi-factor authentication. This will involve setting up an app on your phone that will validate any login from your account, in addition to your password. Once enabled, it would mean that even should your username and password be compromised, it will not be possible for a malicious party to log into your account. Please contact the Service Desk for more information if you want to set this up and we will run through it with you.
Contacting the Service Desk
You can contact the Service Desk via:
Telephone: 03333 055 622
3CX: x4848
Email: support@dentex.health
Website: https://my.dentex.group/support