Healthcare Hit With URL Spoof Malware Attacks
By: Jim Stickley and Tina Davis
November 15, 2019
There’s no shortage of data showing employees present a risk to cybersecurity. Human error aside, one of the most targeted industries for cybercrime is the healthcare sector. In 2016 alone, 88% of ransomware attacks targeted healthcare. The industry also has the highest hacking cost of any profession at $408 per stolen record. Within the most targeted industry is the most targeted group–employees.
Traditionally, cybercriminals bombarded healthcare employees with phishing emails. Those emails carried infected links and attachments. Recently, however, cybercriminals are moving away from what’s expected to new “spoof” or “impostor” URL email attacks. Impostor email attacks are trending and could be the next biggest wave in healthcare hacks. The consistent thread is that healthcare is still a major target and their employees continue to be the weakest link.
In 2018, healthcare information was one of the most sought-after data in cyberattacks, second only to Social Security numbers. Hackers are now using social engineering tactics to create emails with information gleaned from social media or previous hacks. The fraudulent emails are designed to look like they’re from someone the recipient knows and trusts. Employees who are tricked into believing the sender is trustworthy are more likely to follow a URL provided in the email. Spoiler alert: The URL is a malicious spoof designed to get sensitive data. Even trusted file sharing sites like Dropbox can host malicious code and have become part of the hacker’s social engineering tool kit. Some experts believe employee awareness about infected links and attachments in phishing emails has worked, and they know to avoid them. With that in mind, hackers needed a new way to attack human nature–and malicious, impostor URL’s are the answer.
According to Proofpoint, cybercriminals may “spoof an email domain to craft an email that looks like it's from a colleague” or “mention personal details (gleaned from your social media networks) to gain your trust.”
Since cybercriminals aren’t going to abandon a strategy that’s working, healthcare employees need to ratchet-up their awareness of impostor emails. It’s necessary to keep email phishing smarts out front but also add impostor URLs to the toolbox. The following are ways to keep phishing and impostor URL emails where they need to be–unanswered.
- Never provide sensitive information in an email no matter who is requesting it. Better to follow up with the source and verify rather than provide the data to a hacker.
- Carefully inspect a URL for spelling, odd characters, and anything even slightly suspicious. Find the official URL for the website and type it in yourself. That way, if the email is legitimate, you should find the same request for information on the official site. If you don’t find it there, it’s safe to assume it’s an impostor.
- Trust your instincts. Any type of scare tactics or urgency in the title or text of an email is a huge red flag, as well as misspellings and bad grammar. Pay close attention to details. Always report a suspicious email to IT or those who know how to move forward with it.