In this week’s scam, cybercriminals are tricking healthcare workers in order to steal their user credentials. Then, they use those credentials to redirect money from medical insurance payments into their own bank accounts. Healthcare organizations are frequent targets for cybercriminals because they have access to large amounts of data and personal information.
In some cases, the hackers gain access to a user’s email account by stealing their credentials through phishing emails. At other times, they call the organization’s IT help desk and use social engineering to pretend to be an employee who needs help with accessing their account. Then, they can reset the password and gain access to an organization’s financial systems. Once they have accessed the systems, they can reroute insurance payments into their own bank accounts.
Follow these tips to avoid falling victim to a social engineering scam:
- Enable multi-factor authentication (MFA) for your accounts. This extra layer of security will make your accounts more difficult to access if your user credentials are stolen.
- Be cautious of unexpected emails. Do not click on links or provide personal information without verifying that the email is legitimate.
- This particular scam targets the healthcare industry, but remember that similar tactics could be used to target any organization. Any unexpected phone calls or emails should be treated with caution.