The user is receiving virus warning popups or accidentally clicked a potentially malicious link.
Audience – Tier 1, Tier 2
Description:
This guide explains the process to follow when a user thinks they may have clicked a malicious link in a phishing (or potential phishing) email, or when they are experiencing any other suspicious behavior.
Procedure:
8 AM to 8 PM EST
If the ticket/call comes in during normal hours, from 8 AM to 8 PM EST, please notify SME or T2 so that we can notify the client and determine the next steps.
After 8 PM and before 8 AM EST
- Find out from the user whether they clicked any links.
- Are they experiencing any popups or general performance issues since clicking the link?
- Did they provide their password or any other pertinent info? If they provided their password, please reset it immediately.
- Check Okta logs for any suspicious logins:
- Go to your Okta homepage and click the admin button in the top right corner.
- Click Directory and then People.
- Please search for the user and click their name to open their profile.
- Click View Logs
- If you see anything suspicious (any activity the user cannot account for since clicking the link.
- Go to your Okta homepage and click the admin button in the top right corner.
- Once you have checked the logs, download Malwarebytes and run a scan of the user’s computer. You will have the option to run a report at the end of the scan. Please do so and attach it to the ticket.
- Remove any malicious items found from the scan.
- Uninstall Malwarebytes.
- Clear cache/cookies in all browsers installed on the user’s computer.
- If this occurs during the week, escalate to Tanvir. He will escalate to SME/T2, who will notify and escalate to Internal when they come in. If this occurs over the weekend, please notify the SME/T2 directly.
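For the Okta log check above, the following added example (not part of the original guide) shows one way to apply "activity the user cannot account for since clicking the link" to exported events: it compares each post-click event against the user's pre-click successful sign-ins. It assumes events are available as JSON in the Okta System Log API's shape; the user names, timestamps and IP addresses are constructed sample values.

```python
from datetime import datetime

# Okta System Log event types that change credentials or MFA enrollment.
SENSITIVE = {"user.account.update_password", "user.account.reset_password",
             "user.mfa.factor.activate", "user.mfa.factor.deactivate"}

def ts(value):  # Okta 'published' timestamps are ISO 8601 with a 'Z' suffix
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(events, user, clicked_at):
    """Flag post-click events for `user` that differ from their pre-click successful sign-ins."""
    click = ts(clicked_at)
    mine = sorted((e for e in events if (e.get("actor") or {}).get("alternateId") == user),
                  key=lambda e: ts(e["published"]))
    known_ips, known_countries, findings = set(), set(), []
    for e in mine:
        client = e.get("client") or {}  # some system events carry no client block
        ip = client.get("ipAddress")
        country = (client.get("geographicalContext") or {}).get("country")
        if ts(e["published"]) < click:
            if (e.get("outcome") or {}).get("result") == "SUCCESS":
                known_ips.add(ip)
                known_countries.add(country)
            continue
        reasons = [label for label, hit in (
            ("new IP", ip not in known_ips),
            ("new country", country not in known_countries),
            ("credential/MFA change", e.get("eventType") in SENSITIVE)) if hit]
        if reasons:
            findings.append((e["published"], e["eventType"], ip, reasons))
    return findings

# Constructed events in the System Log's nested shape (documentation IPs, not real logs).
def ev(when, event_type, ip, country, user="user@example.com", result="SUCCESS"):
    return {"published": when, "eventType": event_type, "actor": {"alternateId": user},
            "client": {"ipAddress": ip, "geographicalContext": {"country": country}},
            "outcome": {"result": result}}

SAMPLE = [
    ev("2024-05-01T13:00:00.000Z", "user.session.start", "198.51.100.7", "United States"),
    ev("2024-05-02T01:45:00.000Z", "user.session.start", "198.51.100.7", "United States"),
    ev("2024-05-02T02:10:00.000Z", "user.session.start", "203.0.113.50", "Netherlands"),
    ev("2024-05-02T02:12:00.000Z", "user.mfa.factor.activate", "203.0.113.50", "Netherlands"),
    ev("2024-05-02T02:15:00.000Z", "user.session.start", "203.0.113.50", "Netherlands", user="other@example.com"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, "user@example.com", "2024-05-02T01:30:00Z"):
        print(finding)
```

A user with no sign-ins before the click has an empty baseline, so every post-click event is flagged; confirm each flagged entry with the user before treating it as suspicious.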
Escalation:
If an escalation is necessary, please escalate to Tier 2 as the first POC. If Tier 2 is unavailable, please escalate to SME.