Social media can be a great tool for any practice to reach both current and potential patients. As we touched on in the first three parts of this series, social media can help you educate, communicate with, and interact with your patients, but it does come with risks. It's important to know how to mitigate those risks before there is a problem.
What is phishing and how common is it?
Phishing is an attempt to acquire personal information, such as a username, password or financial information, via impersonation or spoofing. Despite how simple they often are, phishing attacks continue to become a larger threat every year. Information is power, and healthcare organizations have a great amount of both personal and financial data at their disposal. This makes healthcare organizations a target for many phishing attacks. While e-mail continues to be a major source of phishing scams, social media lures are on the rise. Just seven short years ago, social media was used in 8.3% of phishing attacks; now it is used in 84.5% of attacks.
How phishing works
Phishers use social media to acquire personal information, including login credentials or account information. They often masquerade as a reputable entity, using a stolen or fake identity. Phishers use fake website addresses to lure victims into entering their credentials. Once you enter your login details on this fake page, the phisher has the information they need to access your account. A hijacked account can be used to extort money from your contacts, scam you, collect information, stalk victims and spread malware. The harm is not limited to you: with your hijacked account, they will have greater access to your contacts. People tend to follow people they know and trust and will be more likely to accept a message or file from your account.
Spear phishing is a more advanced version of phishing that aims at specific groups, organizations or people. Instead of vague messages blasted to thousands of people, criminals design messages to target a specific entity to ensure a greater chance that the scam succeeds. Criminals will research your organization to identify ways in which it is vulnerable, often identifying staff, management, business associates, patients, etc. They will then use that information to gain your trust and access.
How to protect yourself
The good news is there are steps you can take to protect yourself, your network and your organization from phishing scams on social media.
- Do not respond to unsolicited messages, e-mails or text messages. Do not click on links or download files contained within messages because they may contain viruses or malicious software (including ransomware) that could steal information and/or harm your computer.
- Make sure your computer is protected by anti-virus software that is up to date. Your anti-virus should run automatic updates, scan all incoming e-mails and perform regularly scheduled system scans.
- Become familiar with the privacy features of the social media platforms you use. Each is designed to protect users from malicious attacks. Set your privacy settings as high as functionally possible for your organization.
- Beware of:
  - Messages with misspelled words, typos, multiple fonts and oddly placed accents.
  - Mismatched links. When you hover over a link, the address should match the link shown on the page or message.
  - Messages asking for personal information. Most companies will never ask you for account passwords, social security numbers, tax identification numbers or credit card numbers.
- Report any suspected phishing attempts to your social media platform as soon as possible. They can use the information you provide to investigate and take action if possible.
- Train your staff on how to safely navigate social media on behalf of your organization. HCP offers a Cybersecurity course that provides essential information and training for your organization. If you do not have access to this course, please contact us today.