Cybersecurity Awareness Month: Don’t take the phishing bait
10.09.2020 By Candice Calingasan
October is National Cyber Security Awareness Month, and as healthcare professionals we play an important role in protecting the safety and security of healthcare data. Unfortunately, maintaining the integrity of healthcare data is becoming an increasingly difficult battle. In 2019, 510 healthcare data breaches of 500 or more records were reported—up more than 196% from 2018. Those breaches resulted in 12.55% of the United States population’s health records being exposed, impermissibly disclosed, or stolen.*
We can do our part by protecting ourselves against one of the most common causes of data breaches—the phishing attack.
Phishing is an attempt by a bad actor to trick you into giving up personal or other sensitive information through email or text. Spear phishing, a type of phishing attack that targets a specific individual, is becoming more prevalent. According to the 2019 Symantec Internet Security Threat Report, 65% of attacker groups used spear phishing as the primary infection vector.
The tips below can help you identify phishing attempts so you can avoid becoming a victim.
3 Signs an email could be a phishing attempt
Spelling and grammatical errors or other strange phrases
Emails with a lot of misspelled words and grammatical errors used to be a red flag for phishing attempts. Today’s cybercriminals are a little more sophisticated—or they’ve learned how to use spellcheck. Even so, many phishing emails still contain less-than-stellar copywriting or phrasing that seems a little awkward.
Unexpected or urgent requests
These days it’s easy to forget what you’ve ordered online, and cybercriminals are taking advantage by sending fake Amazon or UPS delivery notices with “links” to your package’s status. They’ll also try to make you anxious with notices about suspicious activity on a bank account or a “Final Notice” of account termination.
Suspicious attachments
Is that really an invoice from a customer? Or a receipt for a purchase? Or a gift card from a vendor? Err on the side of caution by only opening attachments when you’re sure you know the sender.
3 Ways to avoid becoming a phishing victim
Pause and investigate
Cybercriminals rely on the content of the email leaving you so distracted or anxious that you let your guard down, so you must stay vigilant. If you suspect the email is fraudulent, look at the sender’s actual email address as opposed to the name in the “From” field. As Amazon explains on its website, emails from them will always come from an email address ending in @amazon.com. Before you click on any links, you should hover over the URL to see where it’s directing you.
It’s also important to remember that certain entities, like the IRS, will never contact you via email to request personal or financial information.
Go directly to the legitimate source
Can’t remember if you ordered something? Worried about fraudulent activity on your bank account? Go to the company’s website and log in to your account or use the customer support number listed there. If you’re not sure if an email is really from the person it purports to be from, it’s best to contact that person through a known channel and ask if they sent it.
Report suspicious activity
You can help build up your organization’s “phishing awareness” by reporting any suspicious activity to your IT security team. Cybercriminals are savvy and are constantly switching tactics to catch people off guard. Notifying your security team allows them to adjust their monitoring protocols accordingly.
* https://www.hipaajournal.com/2019-healthcare-data-breach-report/