As the holiday season draws near, MedSafe urges healthcare organizations and employees to be aware of online scams. Phishing attacks are on the rise with the highest rates since 2016, according to the Phishing Activity Trends Report.
What is Phishing?
The Federal Trade Commission (FTC) defines phishing as a type of fraudulent communication that targets individuals and organizations by sending an email or text appearing to be from a well-known source. Cybercriminals use phishing attacks in an attempt to gain sensitive personal information such as passwords, account numbers, credit card information, or social security numbers.
The FBI’s Crime Complaint Center reported that individuals lost a total of $30 million in 2017 due to phishing attacks. Additionally, Business Email Compromise (BEC)/Phishing scams have accounted for over $12 billion in organizational losses.
How to Recognize Phishing?
Cybercriminals frequently change their tactics, but the following signs can help you identify what might be a phishing attack:
1. Phishing emails and text messages often look like a reputable company you know and trust such as a bank, credit card company, client, social network, online payment website, or online store.
2. The email may appear like it’s from the company by using their logo and header.
3. Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.
4. Examples include:
a. We have noticed suspicious activity with your account, please log-in to the link below.
b. We have noticed there is a problem with your account or payment information please confirm some personal information.
c. Your account is on hold because of a billing issue. Click on the following link to update your payment details.
d. You are eligible for a government refund
e. Click here for a coupon for free …etc.
What to Do If You Suspect Phishing:
1. If you receive an email or text message that requests you to click on a link or attachment, always use caution. Ask yourself, “Do I have an account with this company or know the person who contacted me?
2. If the answer is “No,” it could be a phishing scam. Go back and review the tips on how to recognize phishing and look for the signs. If it looks suspicious, report the message and then delete it.
3. If the answer is “Yes,” contact the company using the contact information from the website of the company--not the information in the email. Attachments and links can install harmful malware.
How to Report Phishing
If you received a phishing email or text message, report it. The information you provide can help fight cybercrime.
Step 1. If you received a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).
Step 2. Report the phishing attack to the FTC at ftc.gov/complaint.
MedSafe is wishing you all a very safe and happy holiday season!
MedSafe is the nation’s leading one-stop resource for outsourced safety, training, and compliance solutions.
Toll-free: (888) MED-SAFE
www.medsafe.com
References:
https://www.hipaajournal.com/phishing-attacks-at-highest-level-since-2016/
https://pdf.ic3.gov/2017_IC3Report.pdf
https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams