In the last installment of Season of the Phish, we looked at one of the most common attacks: the message claiming “you have a document or attachment waiting.” These emails rely on curiosity and urgency to trick recipients into clicking.
But sometimes phishing messages don’t come from unfamiliar senders.
Sometimes they come from someone you already trust: a vendor, a research partner, a health care technology provider, or a company you or your department works with every day.
Lesson 2: When a vendor becomes the entry point
Modern organizations rely on a large ecosystem of vendors and service providers. Universities are no exception. Our work depends on specialized research tools, medical systems, cloud platforms, and external partners.
Unfortunately, attackers know this, too.
In some cases, criminals gain access to a vendor’s system and use it to send convincing messages to customers and partners. The email may reference a real project, a real invoice, or an actual document request. Because the message appears to come from a legitimate source, it can be far more convincing than a typical phishing attempt.
Recent cybersecurity incidents across multiple industries have shown how attackers sometimes target vendors first, then use that access to reach universities, hospitals, and research institutions.
What to watch for
Even if a message comes from a familiar partner, pause if you see:
- Unexpected invoice or payment changes.
- Requests to download files from unfamiliar links.
- Messages asking you to re-authenticate or log in again.
- Requests to move a conversation to personal email or external messaging apps.
These are common signs that a legitimate account may have been compromised.
What to do
If you receive a message that seems unusual (even from a trusted vendor), take a moment to verify.
A quick check can prevent larger problems:
- Contact the sender using a known phone number or contact method.
- Confirm requests involving payments, credentials, or data.
- Avoid clicking links if the request seems unexpected.
If you suspect something isn’t right, report it to the UI Phishing team, ITS Help Desk, or Information Security and Policy Office so the situation can be investigated quickly.
Security is a team effort
Our university’s strength comes from collaboration with colleagues, partners, and vendors across the country and around the world. Cybersecurity works the same way.
By staying alert and reporting suspicious activity, members of our campus community help protect not only themselves, but also the researchers, clinicians, students, and patients who rely on these systems.
Next up, learn how cybercriminals use tax season to steal personal and financial information.