New phishing scams target doctors and their data
Physicians tend to have a good deal of money--recent med school grads with mountains of debt notwithstanding. Increasingly, physicians also are the gatekeepers of rich storehouses of valuable data. And thus they are becoming inviting targets for a sophisticated bunch of scam artists who practice a technique known as "spearphishing."
Spearphishing is similar to phishing, except it's aimed at a specific population and the bogus emails are cloaked as messages from someone the target might actually interact with, such as an employer, insurance company or government agency. American Medical News reports that one recent scam sent emails that looked as if they came from the Centers for Disease Control and Prevention, asking doctors and patients to register for an H1N1 vaccine database. Last fall, a physician at the University of California, San Francisco, Medical Center exposed personal data of more than 600 patients by responding to a spearphishing message that looked like it had come from the hospital's IT department.
Though it may be tough to discern a scam email from a real one, security experts say there are some clear red flags. Check the originating email address and the URL it asks you to click on for clues. If you don't know the sender personally, don't click on any links. And be alert for file attachments ending in ".exe," which often contain viruses.
For more safety tips:
- read this AMNews article