Social engineering is the art of manipulating people into handing over confidential information. Email phishing is one of the most common forms of social engineering, and healthcare is a popular target.
Most phishing campaigns come in the form of email and are created by people who design fake websites that look just like a trusted organisation's – complete with branded email templates. They're designed to trick you into clicking a link that presents you with a login page.
As an example of how easy it can be to be deceived, below we've spelt Pinnacle correctly, and then again using a capital I rather than a lowercase L. Can you spot the difference?
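As an added illustration (not part of the original article), the check below catches that kind of look-alike spelling in a display name, subject line or link caption by folding characters that read the same on screen; the confusable table and the sample mail text are constructed for the example.

```python
import re

# Single characters that look alike in common screen fonts, folded to one
# representative (constructed list; extend it for the names you protect).
CONFUSABLES = {
    "I": "l", "1": "l", "|": "l",   # capital I, digit 1 and pipe read as lowercase L
    "0": "o",                        # digit 0 reads as letter o
    "5": "s", "8": "b", "3": "e",
}
# Two-character sequences that read as a single letter.
PAIRS = [("rn", "m"), ("vv", "w")]


def skeleton(text: str) -> str:
    """Fold a string to the shape a reader sees, not the characters it contains.

    Single-character folding runs before lower-casing so that a capital I
    becomes l rather than i.
    """
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in text).lower()
    for pair, rep in PAIRS:
        folded = folded.replace(pair, rep)
    return folded


def lookalike_of(candidate: str, trusted: str) -> bool:
    """True when candidate is spelt differently from trusted but looks the same."""
    if candidate.lower() == trusted.lower():
        return False
    return skeleton(candidate) == skeleton(trusted)


def suspicious_mentions(text: str, trusted: str) -> list[str]:
    """Return every word in text that impersonates the trusted name
    through look-alike characters (display names, subjects, link text)."""
    words = re.findall(r"[A-Za-z0-9|]+", text)
    return [w for w in words if lookalike_of(w, trusted)]


if __name__ == "__main__":
    # Constructed sample: a display name and a link caption from a phishing mail.
    sample = ("From: PinnacIe IT Support <helpdesk@example.com>\n"
              "Sign in at your Pinnac1e portal: http://example.com/login")
    print(suspicious_mentions(sample, "Pinnacle"))  # ['PinnacIe', 'Pinnac1e']
```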
More sophisticated campaigns target specific people, gathering intelligence on the person and then tailoring the campaign to suit. The aim may be to obtain a copy of your credentials, install malicious software or have you disclose other types of confidential information.
Scammers are very good at what they do. They will combine a variety of different methods to have the best chance of success - from well-crafted spelling mistakes to links that direct you to fake websites, and everything in between. They will even sit and watch your conversations for months on end to learn who you talk to and how.
The latest scam involves .xlsm files (macro-enabled Excel workbooks). Please do not open a .xlsm file someone sends to you - even if you're sure it's really them. There's not a single legitimate reason to send a .xlsm file.
Phishing scams will continue to be commonplace and can affect any of us – even the most keen-eyed individual could easily be deceived when faced with a busy inbox full of emails to read and action.
We encourage you to be alert to this activity and to discuss it as a practice team. Watch for the signs and acknowledge that it can – and will – happen to the best of us. Reporting anything suspicious immediately will help.
For more tips for staff on staying safe online, check out this advice (PDF) from the UK's National Cyber Security Centre.