Last reviewed: June 8, 2018
You can do your part to guard against phishing attempts by following these STOP. THINK. CONNECT.™ tips, jointly developed by the Healthcare Information and Management Systems Society North America and the National Cyber Security Alliance.
A phishing attack is designed to obtain sensitive information, generally by eliciting it from the recipient or by means of information-stealing malware. The phishing communication (“phish”) may take the form of an e-mail, text message, instant message, or social networking message. The attacker may target your personal or work accounts. You may become a victim of the attack if you do what the attacker wants you to do (e.g., sending information, opening a malicious attachment, or running a malicious file). In doing so, you may have been deceived into trusting the sender, or motivated to respond or act, and so fall prey to the phishing attack.
Phishing attacks are not necessarily random. You may be targeted specifically because of your position, your organization, who you know, what you know, or what you have access to (or what you can find out). The motivations behind phishing attacks may include financial gain, intellectual property theft (e.g., trade secrets, confidential know-how, and patentable inventions), obtaining business information (e.g., competitive information), revenge, blackmail, and political or social beliefs and ideologies. Victims who fall for phishing attacks may trust the sender or may be motivated by something in the message (e.g., reputation, goodwill, or incentives).