Reminder: The legacy One Portal is available until 9/23. Visit the new One Portal

Beware of internal phishing attacks

Category: 
Technology Updates

Loma Linda University Health has experienced an increase in internal phishing attacks over the past few weeks. Many of you have submitted these phishing emails to us — thank you for doing so. Your submissions help us to immediately analyze the phishing emails and stop them from spreading.

Please continue to submit suspicious emails by using the “Report Suspicious” button in your Outlook menu as shown below:

If you do not see the button, call the IS Service Desk at ext. 48889 to request for it to be installed on your PC. In the meantime, you may submit suspicious emails to emailabuse@llu.edu

Here are some tips about phishing attempts being sent internally from @llu.edu:  

  • Pause and think before clicking on any links or attachments in messages, even if it’s from people you may know.
  • Were you expecting such a message from them? Do they typically send such messages to you?
  • Look for spelling, grammatical, and formatting errors in the message – a combination of these errors is a sure indicator of a phishing email.
  • When uncertain, you may contact the sender directly at their published phone extension in our directory to verify whether they sent the message.
  • Alternatively, report the suspicious email to IS Security for further analysis, as described above.

If your account is the one being used to send the phishing email, it’s likely that the attacker was able to obtain your password and your one-time passcode (OTP). Please reset your password immediately! Here are some tips about passwords and OTPs:

  • Stating the obvious: keep your password a secret; do not share your password with anyone else.
  • Use different passwords for your LLUH account and your personal accounts; do not use your LLUH password for your personal accounts (e.g., social media, financial, utilities, etc.).
  • Only respond to an OTP request when you are actively signing-on to a system; do not respond to unsolicited OTP requests.

You will find more guidance on staying cybersafe at the LLUH IS Security website on OnePortal by copying and pasting the following address in your browser: 

one.lluh.org/vip/Departments/LLUSS-Departments/Information-Services/Areas-of-Service/Information-Security-Services/Resources 

Additionally, please visit the LLU IT blog to see updates about phishing scams: one.lluh.org/blogs/technicallyspeaking/avoiding-phishing-scams.

For any questions, please contact infosecops@llu.edu

Thank you for your help to keep Loma Linda University Health cybersafe.

We’re Stronger Together

We're building the future of clinical care and education to better serve our community.

Learn How