Frequently Asked Questions
Phishing Attacks
Phishing emails usually have a tone of urgency, requiring you to give up sensitive information right away (e.g., "Your account has been compromised. Log in with your username and password now to reset it."). Always be suspicious of such emails. If in doubt, verify with the apparent sender of the email via a secondary medium (e.g., phone call).
Always verify the sender before clicking on links or downloading attachments in emails. Phishing attacks often mimic trusted contacts or organizations to steal sensitive information. If in doubt, contact the sender directly using a known, trusted method.
1. While not always the case, many phishing emails contain typos or other grammatical errors that you would not normally see in a professionally formatted/automated email from an official organization. (E.g., if your bank is sending you an email, it most likely will not be filled with typos.)
2. Always verify the sender's email address, especially when the email is requesting sensitive information. For example, if an email requests that you change your MOH password and appears to come from someone within MOH, the domain (the part after the @ symbol) would likely be moh.gov.jm. If it doesn't, this is likely a phishing email.
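The sender-domain check from item 2, written out as an added example (it is not part of the original FAQ). The function names and sample From headers are constructed for illustration; accepting subdomains of moh.gov.jm and the simple lookalike heuristic are assumptions.

```python
from email.utils import parseaddr

# Domain taken from the FAQ's example in item 2.
TRUSTED_DOMAIN = "moh.gov.jm"


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the real address in a From header.

    parseaddr separates the display name from the address, so a display
    name that merely *contains* a trusted-looking address is ignored.
    """
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return ""
    return address.rsplit("@", 1)[1].strip().rstrip(".").lower()


def classify_sender(from_header: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Classify a From header against the expected organizational domain."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Assumption: subdomains of the trusted domain are also legitimate.
    if domain == trusted or domain.endswith("." + trusted):
        return "expected-domain"
    # Heuristic (assumption): the trusted name embedded in another domain,
    # with dots or hyphens, is treated as a lookalike.
    if trusted in domain.replace("-", "."):
        return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample headers, not real messages.
    samples = [
        "IT Support <helpdesk@moh.gov.jm>",
        '"helpdesk@moh.gov.jm" <reset@mail-alerts.example>',
        "MOH IT <admin@moh.gov.jm.account-verify.example>",
        "MOH IT <admin@moh-gov-jm.example>",
    ]
    for header in samples:
        print(f"{classify_sender(header):16} {header}")
```

A result of "expected-domain" only means the visible address matches; the From header can be forged, so a request for sensitive information should still be verified through a secondary channel.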
Safe Internet Practices
3. Avoid visiting untrusted websites and downloading unknown software.
4. Ensure the websites you are visiting use HTTPS (look at the URL), indicating a secure connection.
5. Avoid clicking on pop-up ads or unsolicited links on websites, as doing so can potentially infect your computer with malware.
6. Keep devices and software up to date
Updates are very important for cybersecurity because many of them are security updates, either adding a new security feature or patching a vulnerability. Not updating devices or software exposes your data to more vulnerabilities and possible cyberattacks.
DO NOT interrupt an update once it has begun. Interruptions during software updates can corrupt files, lead to incomplete installations, and leave your device vulnerable to security risks.
7. Be Cautious of Social Engineering Attacks
DO: Be wary of unsolicited requests for personal information, even if they appear to come from trusted sources. Verify the requester's identity through a separate, known channel.
WHY: Social engineering manipulates individuals into divulging confidential information or performing actions that compromise security. Attackers may impersonate colleagues, IT support, or other authority figures.
HOW TO: Train yourself to recognize common social engineering tactics, such as pretexting, phishing, and baiting. Always verify requests for sensitive information through a secondary, trusted communication method.
8. Utilize a Virtual Private Network (VPN) When Accessing Sensitive Information Remotely
WHY: A VPN encrypts your internet traffic, protecting it from potential eavesdropping and unauthorized access. This adds a crucial layer of security when handling sensitive information outside of the secure office environment.