IT Security Alert: Scammers Target Methodist by Mimicking Office 365 Login Site

Published: Oct. 14, 2021

Scammers are targeting Methodist Health System employees and students with fake emails claiming that their accounts have been disabled or their passwords have expired. The email directs you to provide your email address and password for verification. Clicking the link in the email will take you to an authentic-looking (but fake) Office 365 login website.

These attacks are affecting numerous industries and have targeted individuals within our organization. This is a persistent threat, and messages continue to look more legitimate each day.

Those who fall victim to these attacks are giving their usernames and passwords to the attackers, who can then access EVERYTHING associated with their Office 365 accounts, including:

  • Confidential business, personal or even patient information
  • Any account that shares a password with your Office 365 account

To protect you, our patients and our organization, the Information Security team is rolling out an awareness campaign to quickly inform you how to identify these types of malicious emails and avoid being tricked.

Let’s look at one email example.

 

What To Look Out For

Examine the Sender

  • The sender’s address may include the words Office365 and tech support to fool you.
  • But look closer: The email is really from techsupport-corp.com, not Microsoft, Office365 or Methodist Health System.
  • Don’t be fooled by domains just because they include brand names.
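
For mail administrators, the sender check above can be expressed as a filter rule. The following is an added example, not part of the original alert or any Methodist tooling: the trusted domains, brand words and sample headers are assumptions constructed for illustration, and "example-health.org" is a placeholder.

```python
from email.utils import parseaddr

# Assumptions for this example: domains your organization really receives
# account notices from. "example-health.org" is a placeholder, not a real value.
TRUSTED_DOMAINS = {"microsoft.com", "example-health.org"}
# Brand words a scammer may place in the display name or address to look official.
BRAND_WORDS = ("office365", "microsoft", "methodist")


def sender_domain(from_header):
    """Return the lower-cased domain of the actual address in a From header."""
    _display, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")


def is_trusted(domain):
    """True only for a trusted domain itself or a subdomain of it."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def check_sender(from_header):
    """Classify a From header as 'trusted', 'brand-impersonation' or 'unknown'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    if is_trusted(domain):
        return "trusted"
    # Brand words anywhere in the header do not make the sender genuine;
    # on an untrusted domain they are a sign of impersonation.
    squashed = "".join(ch for ch in from_header.lower() if ch.isalnum())
    if any(word in squashed for word in BRAND_WORDS):
        return "brand-impersonation"
    return "unknown"


# Constructed sample headers (not taken from a real message).
SAMPLES = [
    '"Office365 Tech Support" <office365@techsupport-corp.com>',
    "Microsoft <account-security@email.microsoft.com>",
    "helpdesk@microsoft.com.techsupport-corp.com",
    "Newsletter <news@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):20} {header}")
```

This inspects only the visible From header, which a sender can forge, so a "trusted" result still needs the mail system's SPF, DKIM and DMARC checks behind it.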

Consider Content in Context

  • Is this email expected? Is this how Methodist support typically contacts employees and students?
  • Be careful with unexpected offers of technical support, even when they look legitimate.
  • Scammers often do research to find businesses and people familiar to you to increase their legitimacy and gain your trust.

Protect Your Passwords

  • Legitimate companies, including Methodist, will never ask you to verify your password.
  • Never follow a link you haven't confirmed is legitimate and then provide your username and password.
  • These links often appear legitimate, but once you provide your login credentials, the hackers can control your account and possibly more.

 

How Can You Protect Yourself, Methodist and Your Patients?

  1. Stop and think. Don’t immediately interact with the email. Take your time to evaluate it.
  2. Once you’ve evaluated the email, choose the best next step:
  • If the email looks legitimate, verify it with the sender. Don’t reply directly to the email. Use another means of communication.
  • If you believe the email could be a phish, report it by clicking on the “Report Phish” button.