In Case You Missed It
Paul Asadoorian, Matt Alderman and Kevin O’Brien discuss how phishing scams have hit the healthcare industry. People have learned to live differently during this pandemic, which causes more users to become vulnerable. The problem with data breaches nowadays is that it can prey on people who are not only non-technical users, but also users who anxiously want to click on whatever’s been sent into their inboxes.
Rhode Island Department of Health Phishing Scam
Paul and Kevin continue discussing how the Rhode Island Department of Health (RIDOH) experienced a phishing scam that mainly focused on the COVID-19 vaccine. It was sent to health care workers who thought it was a great opportunity as it pertained to promoting pre orders for the vaccine. It’s also a known fact that Rhode Island was known as the number one state with the highest number of COVID-19 cases, especially with the surge of the virus’s second wave. However, it came to Paul and Kevin’s surprise that the phishing attack was pretty straightforward with their email, and where the email address was being sent from.
Ironically enough, this phishing scam was to target people who aren’t familiar with technology. However, it was pointed out by both Asadoorian and O’Brien that end users typically don’t receive messages that will trigger a phishing scam. But, because a majority of health care workers opened the email thinking there was a pre-order for COVID-19 vaccines, this meant that more people who forwarded this email were also involved in a phishing scam that was bound to happen out of nowhere.
One obvious indicator of this email link was the email address which had: virus/control.com in the URL. Another indicator that users should look out for are links that don’t function properly. Typically emails with a link that don’t work should automatically tell a person that this is suspicious, therefore, a part of a phishing scam. Overall, these types of emails, regardless of what platform you receive them on, should be removed from a user’s inbox.
How to Prevent Phishing Scams
As Asadoorian and O’Brien discuss more indicators that users could find, they also address that people need to have an easier way to report phishing scams when they see one. Rather than calling an IT help desk, there should be a button that reports suspicious emails. GreatHorn CEO and Co-Founder Kevin O’Brien explains email security solutions that can increase phishing scam prevention as well as understanding different types of risk surfaces and layers of email security.
Other interesting takeaways from last week’s webinar include:
- Understanding Your Risk Surfaces
There are mainly three types of email attacks to look out for. This can be an email impersonating someone or something you’re familiar with, an attachment of malicious files, or even a dangerous URL.
- Risk Mitigation Functions in an Email Security Stack
Understanding risk mitigation functions starts with uncovering the layers of email security.
Courtesy of GreatHorn
- Different Sources of Risks in Email Security
There are plenty of risks that are taken with email security without even realizing it. It’s rather seen as a process, really. Because of the types of emails that can be sent as a phishing scam, it’s important to seek the different types of indicators of vulnerability that are at risk with email security such as payloads, DMARC, SPF, DKIM authentications, biometrics, URLs, senders, recipients, and historic relationships.Once the different areas of indicators have been identified, the next step is to implement the layered approaches to heighten email security. This can include link protection, bannering, mailbox intelligence, quarantine and credential theft protection.
One important lesson to familiarizing yourself with these types of scams is to educate. Educate your employees and staff about what to expect and look for the next time a phishing scam resurfaces. The main priority to preventing phishing scams from happening is to educate users that are prone to becoming victims. To learn more tips about how to avoid phishing attacks, check out one of our GreatHorn articles here.
Overall, phishing scams can happen anytime, anywhere. Especially during a pandemic, people are vulnerable, and will take anything to heart. As for the Rhode Island Department of Health, this shows that any type of system with IT security can still be compromised by attackers.