Phishers Targeting Physicians to Procure Patients’ Details
Online scammers, in an attempt to entice doctors as well as others into revealing patient data and important personal information, are using new tricks, as reported by ihealthbeat.org in the last week of January 2010.
On a general note, phishing scams involve fake e-mails specifically written in order to solicit sensitive data such as passwords, logins and financial details. Usually such e-mails contain attachments having viruses or links to unknown websites.
For instance, in a recent case, gullible users were asked for online registration at a vaccine database through a bulk of fraudulent CDC (Centers for Disease Control) e-mails. The officials at CDC issued an alert to warn the users about the prevailing scam and said that these e-mails probably contained links for downloading malicious software.
Scammers have even gone to the extent of victimizing particular segments of people, imitating to be a group that exchange information or data with users on a regular basis. Nicknamed as "spear phishing", these targeted cyber attacks are comparatively tough to identify over the regular ones.
To support the point, experts referred to an incident that took place in 2009. In that case, a faculty physician at the University of California, San Francisco, Medical Center, received an e-mail that purported to be sent by the information technology staff of the hospital, wherein he was asked to provide his login information for routine security upgrades. Considering it to be a regular e-mail, the physician gave away his login details and data of over 600 patients to the scammer.
According to security experts, scammers nowadays are increasingly focusing on doctors as they are the source from where they can get huge amount of important data of so many people at one go.
There are some red flags which the users can use to thwart spear phishing attacks. Experts recommended users to check the originating URL and the e-mail address in case it requests to click on. Then, if the sender is found to be unknown, the key is to simply ignore the e-mail. File attachments that end with '.exe' generally contain viruses, so be cautious. Besides, to avoid scam e-mail entering the inbox, it's always advisable to immune the system by installing latest security software.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 09-02-2010