Cybercriminals are targeting healthcare workers by stealing user credentials through phishing and social engineering.
In this week’s scam, cybercriminals are tricking healthcare workers into giving up their user credentials. Then, they use those credentials to redirect money from medical insurance payments into their own bank accounts. Healthcare organizations are frequent targets for cybercriminals because they have access to large amounts of data and personal information.
In some cases, the hackers gain access to a user’s email account by stealing their credentials through phishing emails. At other times, they call the organization’s IT help desk and use social engineering to pretend to be an employee who needs help with accessing their account. Then, they can reset the password and gain access to an organization’s financial systems. Once they have accessed the systems, they can reroute insurance payments into their own bank accounts.
Follow these tips to avoid falling victim to a social engineering scam:
- Enable multi-factor authentication (MFA) for your accounts. This extra layer of security will make your accounts more difficult to access if your user credentials are stolen.
- Be cautious of unexpected emails. Do not click on links or provide personal information without verifying that the email is legitimate.
- This particular scam targets the healthcare industry, but remember that similar tactics could be used to target any organization. Any unexpected phone calls or emails should be treated with caution.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER: Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.