PSA: Remote Access Phishing

You probably know from your Cybersecurity Awareness training that phishing can come in many forms: classic email, text messages, phone calls, and even QR codes!
But what happens after the initial lure is dropped? Even well-trained people can fall for phishing attacks—this includes IT professionals! But just because you fell for the initial lure does not mean all is lost. Recognizing the follow-up methods employed by criminals can often prevent significant damage to your identity or loss of your/your organization's data.
A particularly common attack method we observe is the installation of Remote Monitoring/Management (RMM) tools. These are applications that IT Tech Support can use to remotely access your device to assist with technical issues. RMMs are legitimate tools that can grant the remote party full control over your computer, which is why the bad guys like them. They do what malware does, but under the guise of assistance.
Here at UCLA Health, we use BeyondTrust Remote Support for official support sessions. This is the only tool that is approved for remote access to your device, and only from verifiable UCLA Health IT Support personnel.
Unauthorized remote access apps include:
- TeamViewer
- AnyDesk
- Splashtop
- ScreenConnect
- LogMeIn
The list is much, much longer, but here's what you need to remember: you are the one who initiates a request for support from UCLA Health. If you receive a call, email, or text from tech support of any kind asking for access to your device, you should not respond. Even if you've answered the phone call or clicked the email, once it's clear that the other party wants you to download something to your computer, it's time to back out/hang up. Even if you do download or install something, it's always a good idea to back out once you're suspicious.
Once you do suspect something phishy is going on, make sure to contact Customer Care yourself to get an IT Security Incident Responder on the case. Even if it turns out to be nothing, we want to give you that peace of mind.
So, to recap:
- The bad guys like to get you to install remote access software, posing as IT Support.
- UCLA Health will never initiate these kinds of calls; if you didn't reach out for support, it's probably a scam.
- As soon as you are suspicious of a call/email, back out of the engagement and contact Customer Care.
As always, thank you for doing your part in keeping our systems and data safe and secure!