Holiday Health and #ToxicStress
Join #abcDrBchat Tues, Dec. 16, 1-2 pm ET #ToxicStress
What is it? How do you prevent it? How do you manage it?
When does stress go from mild to toxic, & what can you do about it?
Mayo Clinic's @AmitSoodMD & @DrAmyPollak will participate in the
#abcdrbchat w/ @DrRichardBesser to tweet about how stress harms your health.
Many departments have "Wellness Champions". It might be a good idea to also have "Computer Health" Champions in each Department. They could attend quarterly trainings on various network security (and other computer) issues, and pass this along face-to-face at department meetings. There are various levels of computer literacy in across the enterprise and it might be helpful to develop a few more super-users.
"More than 75 percent of recipients fell victim" …please clarify. My Outlook's setting has the "Reading Pane" always on. That means the content of the email displays on the "Reading Pane" for any highlighted email in the email list even when the email is not opened. Did 75% included that too? Btw, just in case you are wondering, like other junk emails that I delete without opening , I got suspicious and deleted this email without opening also.
Thanks for the update on what to do with suspicious emails. Past recommendation was just to delete them. What is the latest on recurring emails from outside institutions/companies/associations that we no longer care to receive. Unsubscribe or still delete? I have tried to weed them out with "Rules" but I get too many to do this practically.
Hi Candido, If you receive a suspicious email, we are asking you to report it using the Report Phishing button in Outlook. By reporting (in lieu of deleting) it allows the Security team to assess the risk of the email. More information about phishing can be found on the Office of Information Security’s website. Office of Information Security
I received this email and I can tell you exactly why I failed the test, what was going through my mind when I read the most recent test email. I had received a previous email a couple of weeks earlier that I thought suspicious for phishing. I reported the previous suspicious email, and received a response back that it was a false alarm, that because the email did not ask me for any personal information, it was not a phishing attempt but rather spam. So when I got the latest test email, and it did not ask for any personal information, I figured it was safe, not worthy of reporting, opened it, and BAM, fail. I am now more confused than ever about what to look out for and what to report.
I completely agree. This was a flawed test because the message in and of itself did not fit the definition of phishing. It most certainly could have been malicious because of a virus or other malware at the link destination, but the message itself made absolutely no indication that it was trying to compromise one's credentials or identity.
I failed the test. I had a birthday recently and was sent an online greeting card from a friend. The phishing scam asked me to click a link to receive a greeting that was waiting for me, but had no name in the From box. I think I would have been more suspicious if it came from an unfamiliar name.
I agree. Why would someone think that a greeting card would be suspicious? Someone could just be thinking about you.
I got caught with this one, but I passed on several previous emails. This one caught me because of good time with both personal and work events that made this card seem valid. My question to the security team, is how do you know a link is good or bad. I have received marketing emails and identified them as Phishing, and then I receive an email back informing me that I shouldn't have submitted these. How do I know that an unsubscribe link or any link to what looks like a marketing email from an unknown organization isn't a phishing email?
Mayo Clinic has an E-Card site you can go to (http://mayoweb.mayo.edu/humanresources-recognition/ecards.html) to recognize your co-workers. It comes to your email in the same fashion the phishing email did. You have to click a link to a non-Mayo website to view the e-card. I heard some of my co-workers clicked on the phishing email because they thought it was one of these.
Hi Kellie, You are correct; Mayo Clinic does offer an eCards for staff use to recognize a job well done. An eCard launched from Mayo’s tool has a few indicators that will help you recognize it as genuine. 1) The card indicates that it is a Mayo Clinic eCard, 2) the card displays the name of the sender, and 3) the card provides a Mayo specific address for the cards. Office of Information Security
"More than 75 percent of recipients fell victim to the campaign email." Did 75% actually open the email, or is that a combined opened and/or deleted the email? I got a "congrats" pop up when I clicked the "phish" button after searching for one of the older links about how to recognize phishing versus spam to see if you wanted us to report that type of email or not, but I was a little disappointed that it wasn't easier to find a FAQ/what to do on the Help Desk homepage as that was the first place I checked. This is what I used: http://intranet.mayo.edu/charlie/office-information-security/how-to-spot-a-phish/, but I think this link is even more helpful: http://newsletters.mayo.edu/newscenter/Article.aspx?contentID=DOCMAN-0000163198
"The campaign sent emails to just over 60,000 individuals. We had 51% of those individuals interact with the email. Of the individuals interacting with the email, approximately 75% of them clicked on the link." Respectfully, that means that the statement "75% of recipients fell victim to the test" is incorrect. 75% of 51% did…24083 (rounded up) people. Which would be 38.25% of recipients. That leaves tremendous room for improvement, but the results shouldn't be exaggerated by 96%.
Mayo Clinic has an E-Card site you can go to (http://mayoweb.mayo.edu/humanresources-recognition/ecards.html) to recognize your co-workers. It comes to your email in the same fashion the phishing email did. You have to click a link to a non-Mayo website to view the e-card. I heard some of my co-workers clicked on the phishing email because they thought it was one of these.
Same here – we have a thank you/recognition program and I thought that's what it was.
Curious what happens if Phishing is reported and the email is, in fact, NOT a phishing attempt. Will the email/content be returned to the intended recipient? Thank you!
Nicole, If you report an email using the Report Phishing button, you will receive notification back from the Office of Information Security’s Threat Analysis and Response Center (TARC) team as to the outcome of the investigation. To date, we are seeing a couple different categories of emails being reported: 1) legitimate phishing attempts, 2) spam or financial scam, and 3) internal Mayo business. Emails reported using the button will still appear in your Sent Items folder as well as your Deleted Items folder. If you feel an email is suspicious, please feel comfortable reporting it so we can investigate. Office of Information Security
I also received this email and never opened it, but thought it suspicious. I usually view my emails on my iphone. I did just look on outlook on my computer and don't see a phishing button. Is this feature available to everyone?
Frances, All Mayo managed workstations should have the Report Phishing button in Outlook. If you do not, please call the Help Desk to have it installed. Thank you! Office of Information Security
I think it is clear it was a poor choice of a test. I hovered over the link. I went to open in an incognito browser with adblock and popup blockers enabled. It is not inconvievable that someone would send you an ecard. If it asks for login credentials, then obviously it isn't something to fill.
@jessicageisler
Janine, All Mayo managed workstations should have the Report Phishing button in Outlook. If you do not, please call the Help Desk to have it installed. Thank you! Office of Information Security