What is Phishing and How Common is it?
Phishing is an attempt to acquire personal information such as usernames, passwords or financial information via impersonation or spoofing. Despite how simple they are, phishing attacks continue to become a larger threat every year. Information is power, and healthcare organizations have a great amount of both personal and financial data at their disposal. This makes healthcare organizations a target for many phishing attacks. While emails continue to be a major source of phishing scams, social media lures are on the rise. Just seven short years ago, social media was used in 8.3% of phishing attacks; now it is used in 84.5% of attacks!
How Does Phishing Work?
Phishing is a common method of online identity theft and virus spreading, using platforms such as social media or email to acquire personal information, including login credentials or account information. Phishers often masquerade as a reputable entity, using stolen or fake identities, and use fake website addresses to lure victims into entering their credentials. Once you enter your login details on the fake page, the phisher has the information they need to access your account. A hijacked account can be used to extort money from your contacts, scam you, collect information, stalk victims and spread malware. The damage is not limited to you: with your hijacked account, they will have greater access to your contacts. People tend to follow people they know and trust, and will be more likely to accept a message or file from your account.
What is Spear Phishing?
Spear phishing is a more advanced version of phishing that aims at specific groups, organizations or people. Instead of vague messages blasted to thousands of people, criminals design messages to target a specific entity to ensure a greater chance that the scam succeeds. Criminals will research your organization to identify ways in which it is vulnerable, often identifying staff, management, business associates, patients, etc. They will then use that information to gain your trust and access.
How to Protect Yourself!
The online threats we are at risk for can be overwhelming, but the good news is there are steps you can take to protect yourself, your network and your organization from phishing scams!
- Do not respond to unsolicited messages, emails or text messages. Do not click on links or download files contained within messages because those links may contain viruses or malicious software (including ransomware) that could steal information and/or harm your computer.
- Make sure your computer is protected by anti-virus software that is up to date. Your antivirus should run automatic updates, scan all incoming emails and perform regularly scheduled system screenings.
- Become familiar with the privacy features of the social media platforms you use. Each is designed to protect users from malicious attacks. Set your privacy settings as high as functionally possible for your organization.
Lastly, watch for the following warning signs and keep these practices in mind:
- Messages with misspelled words, typos, multiple fonts and oddly-placed accents.
- Mismatched links. When you hover over a link, the address should match the link shown on the page or message.
- Messages asking for personal information. Most companies will never ask you for account passwords, social security numbers, tax identification numbers or credit card numbers.
- Report any suspected phishing attempts to your social media platform as soon as possible. They can use the information you provide to investigate and take action if possible.
- Train your staff on how to safely navigate social media on behalf of your organization.
HCP offers a Cyber Security course that provides essential information and training for your organization. If you do not have access to this course, please contact us today.