As part of our Technology Tips series, we will be exploring many cybersecurity threats and tactics in effort to strengthen our security awareness. Please continue to check The Hub to learn more about new technology solutions can help you work efficiently, and how to stay safe online.
Phishing still remains the biggest threat to organizations like ours. Phishing comes in many different forms and with new tools at hacker’s disposal, it can be difficult to determine what is a phish and what is not.
Here is a real phishing email that was delivered to one of our Staff. Let’s break it down to show you what you should be looking for to help identify this as a phish: 
-
Sender Address. The Sender address is coming from IT Support with a strange email address. This is the biggest indicator since this is not an email address we have seen before. The MacArthur Foundation official support email is: Global Service Desk globalservicedesk@macfound.org; you will never receive official support emails from an external source. It is important to know our official IT support communication channels.
-
Sense of Urgency. The body has a sense of urgency stating you must take action today. Hackers know they have limited time and need you to act fast. They will push you to perform an action, click a link, or reply immediately. One of the best things you can do to avoid a phish is to simply wait. Waiting 48 hours usually is long enough for our internal security tools to gather enough information to proactively block a phishing threat.
-
Unfamiliar Actions. The MacArthur Foundation requires passwords to expire after 1 year. We will never send an email asking you to confirm your password. When your password is set to expire, the reminder to update your password will come directly from the Global Service Desk. If you see this request come from anyone other than the Global Service Desk, it may be a phish.
-
Suspicious Links. Tech Tip: You can hover your mouse over a link to see the full URL address. When you hover your mouse over a link, you will see "safelinks.protection.outlook.com" (this part prepends all MacArthur URLs) followed by the full URL. Notice that while the email body suggests this is a Microsoft or a MacArthur-related password, the full URL does not mention either and looks very unusual.
The MacArthur Foundation blocks over 500 phishing emails every day. On occasion, some may slip through and become delivered to your inbox. If you identify a phish, or if you suspect an email may be suspicious, report it using the Phish Alert Report button in Outlook. This will help us take proactive action to block future phishing attempts.
A very special thanks to many of the MacArthur Foundation staff who were able to identify this very REAL phishing email and report it using the Phish Alert Report button! Because of these Security All-Stars, we are able to proactively block these threats before they become a security threat.
Do not forget the mandatory Cybersecurity Training on SMS text messages and Phishing is due by June 30th. To complete the courses, please log into Workday through Okta and click the “Learning” icon. You can also access this by clicking here, and then “Start Course.”
If you have any questions or concerns, please feel free to contact me directly.