Skip to main content

Cyber awareness

Tips and guidance on cyber security and being vigilant when working with emails and text messages.

Phishing

Phishing is when cyber criminals try to trick you into clicking on links within a scam email or text message.

Email phishing

Email phishing is a targeted cyber attack using a disguised email.

These emails may look genuine, but are actually from cyber attackers trying to access systems for malicious purposes.

Text message phishing

Text message phishing is a cyber attack using a disguised text message. The text message may look genuine but is actually a cyber attacker trying to access systems.

We tend to click on links in text messages quicker than in emails. You should be extra vigilant when opening links within text messages.

Warning signs

  • Do you know the sender of the email or text?
  • Were you expecting the email or text – is this a normal form of communication or does something seem unusual?
  • Does the email address display correctly? For example, first.second@hse.ie is legitimate but first.second@hse-ie.com is not. Check the email address by hovering your mouse over the ‘from’ address.
  • Does the email or text have a sense of urgency? That something is too good to be true?
  • Is there bad grammar and spelling?
  • Is the email or text advising you to do something urgently? For example, for financial gain or a request for action so you don't lose a service?
  • Does the email or text have links to click on for next steps?
  • Is there an attachment on the email? Make sure the file is a recognised Word, Excel, PDF file that you would usually expect

Email and text dos and don'ts

Do:

  • Always check the address that the email has been sent from. Is it from someone you usually communicate with?
  • Be wary of any email that you are cc’d on where you don’t personally know the other people it was sent to
  • Check the time an email arrived at - did it arrive at an unusual time?
  • Always check the subject line - is it a reply to something that you never sent or requested?
  • Always hover your mouse over any link in an email and check that the link matches the address shown on screen. You should also check that the address is spelt correctly, and isn’t a fraudulent copy.
  • Be careful what you post to social media, online forums and web chats
  • Limit the use of business email for personal use
  • If you think you have received a suspicious email or text message, take a screenshot so you have a record of it

Don't:

  • Do not click on any suspicious links in emails or text messages
  • Do not open attachments in unsolicited emails
  • Do not run an attached .exe file. Be wary of .zip files unless you were expecting them. Never click 'run macros'
  • Do not create distribution lists containing both internal and external addresses
  • Do not 'reply all' to group lists without checking the potential recipients
  • Do not forward chain letter emails
  • Do not click on a URL contained in an unsolicited email

Your login details must be kept private. This helps to keep data secure for our patients, service users and staff.

What to do if you think you have been phished

Ask yourself:

  1. Does the email have any of the characteristics listed on this page?
  2. Was I expecting this email, and
  3. Do I know the sender? If you do then phone them to confirm the validity of the email.

If you suspect the email is a phishing email

  • don’t click on a link or open any attachment.
  • delete it immediately.

If you suspect the email is a phishing email and you have clicked on a link or opened an attachment

call the National Service Desk at 0818 300 300 immediately for guidance

Keeping data secure

Your login details must be kept private. This helps to keep data secure for our patients, service users and staff.

You are responsible, when logged in using your credentials, for activities on HSE devices, information systems and applications.

You must:

  • Only use accounts and passwords assigned to you (except for generic and group accounts)
  • Ensure that logins for generic and group accounts are kept confidential and not shared with colleagues or third parties
  • Change your password immediately if you suspect your password is known by others

Don't:

  • Do not send your password within email messages, unless the email message is encrypted
  • Do not write down your password on or near your computer or any device connected to a HSE network. In exceptional circumstances where a password has to be written down, it must be stored in a secure place that is not easily accessible to others
  • Do not change default passwords given by suppliers of new devices and systems - this should be done at installation
  • Do not misuse passwords or give a user system privileges above those they're authorised to use

Passwords Standards Policy (PDF, 715KB, 13 pages)
Guidance on creating strong passwords, protecting passwords and how often they must be changed.

Contact

National Service Desk phone 0818 300 300

Page last reviewed: 01/02/2022
Next review due: 01/02/2025