November 2022 – Don’t fall for holiday-related scams

The holiday season is right around the corner, and while this is usually a time for fun and celebrations, criminals know it is also a great time to commit cybercrime. The holidays are a time when we tend to spend more money, and whenever money is spent, fraud is right behind it. The rise in cybercrime is staggering. In 2021, over 92,000 users over the age of 60 reported losses of $1.7 billion to the Federal Bureau of Investigation. This is a 74% increase over the numbers reported in 2021.

What types of cybercrime do we see?

The most common forms of scams are tech support scams, identity theft, and nonpayment for nondelivered goods or services. However, most of these attacks start with a phishing email or text that is designed to create some form of emotional response in the user. For example, during the holidays, we are all ordering more from online sites. You may receive an email from Amazon saying an order was canceled. It will have a link to get more information and when you click the link, you will be taken to an exact clone of the Amazon site. Once you log in, the cybercriminal has your Amazon credentials.

You might also receive an email letting you know that an order has been placed with Amazon or a similar site for a large amount of money. You know you didn’t make that order, so you click on the link in the email to dispute it, but that is just what the attacker wanted you to do.

Emails or text messages claiming to be from banks are also very common. These messages will say that fraudulent behavior has been detected on your account with X bank and that your account has been locked. The message will have a link for you to log into your bank account, but it is fake. Once you log in, the attacker has your credentials.

All of these attacks have common characteristics. They are sent out en masse to tens of thousands of people, claiming to represent a particular online retailer or bank. The attackers know that most of the people receiving the message won’t have placed an order from that site or have an account with that bank. But some will, and that is all the attacker needs. They may send the same message over and over again but change the online site or bank. Eventually, they will find victims.

How does this relate to HIPAA?

During the holidays, we all get busier and even more stressed than usual. Because of this, our minds aren’t always as focused as they usually are. Attackers are counting on this and will use messages that really try to put us in a state of alarm or fear. If this happens on a work computer, then not only could your personal accounts be breached, but this could also lead to a breach of the practice. If an attacker gains access to your computer because of a phishing message, then they have access to patient data inside the practice network.

So what can you do to protect yourself and your practice’s patient data?

Slow down and take time to think. We all get busier during this season, so when these types of messages come in, pause and take time to think clearly.

If you get any message that is unsolicited, be very skeptical. Whatever the message says, you don’t need to immediately believe it.

Don’t click the link; go to the website directly. If you receive a message from Amazon, for example, don’t click the link in the message. Just log into the Amazon site directly and check to see if any orders have been placed on your account.

If you receive unknown calls, don’t take them or return them. Contact your bank or online retailer directly to check on your account activity.

Use good account security. This means using strong passwords AND two-factor authentication. Two-factor authentication can also protect you if you were to fall victim to a phishing message because it makes it a lot harder for the attacker to gain access to your account.

Stay safe out there this holiday season and remember that compromising your own computer can lead to disastrous HIPAA breaches.