Several employees have notified ITS about suspicious email requesting payment for invoices, some of which appear to have been sent from other employees. These messages are examples of targeted (spear) phishing scams. Attacks of this nature are becoming increasingly common and highly destructive because they often employ malicious software to encrypt a victim’s data and hold it for ransom. Several high-profile incidents have recently occurred at hospitals and medical organizations.

Be extremely cautious of messages asking about invoice payment and never click on a link in an email or open an attachment- even if it appears to be a simple RTF or Microsoft Word document- unless you’re expecting to receive it from a known party. Pay close attention to the sender’s email address and verify the associated address matches what you’re expecting as well.

When in doubt, please report suspicious email messages to rt@highlands.edu