Chances are, you’re not going to fall for the email from a Nigerian prince who needs your help transferring millions of dollars out of the country for a small fee. But how about a professional-sounding person on the phone asking a seemingly legitimate business question? Or, maybe there’s an unusual request in your inbox from an executive within your own organization.
Scam artists go back as far as the founding Sisters of Charity of Leavenworth, but today’s scammers are more sophisticated – and the stakes are higher – than ever before. Recently, the IRS put out an alert about a scam in which phony emails from executives were designed to trick employees into giving out W-2 information. In another attack, people purporting to be from a credit card company called asking for specific information in a particularly convincing way.
Healthcare systems, in particular, are a high-profile target for cyberattacks, according to the FBI. SCL Health’s Chief Information Security Officer Howard Haile says that’s because healthcare records are especially valuable on the Internet’s black market, and there are thousands of employees a scammer could potentially target.
SCL Health goes to great lengths to protect patients, associates, physicians and others, Howard says. While those efforts and actions are confidential for obvious security reasons, the best personal defense remains vigilance and a healthy suspicion while online or on the phone with strangers.
Most scams and cyberattacks depend on people for their “in.” In some cases, the person is the intended victim. In others, the person may just be a pawn in pursuit of a larger goal, such as a ransomware attack on an entire organization. Either way, the majority of such activities rely on someone giving away information that can then be used for a crime.
As attacks become more creative, paying attention to little details becomes more important. Is an email that appears to be from someone you know actually coming from an external source? Does this executive have particularly poor grammar or spelling? Does this request make sense in the context of normal business? Remember to stay alert and never give out your password or personal information.