FBI Alert of COVID-19 Email Scams
The FBI has alerted healthcare providers to an increase in COVID-19 phishing scams. Network perimeter cybersecurity tools used by US-based healthcare providers started detecting COVID-19 phishing campaigns from both domestic and international IP addresses on March 18, 2020, and those campaigns are ongoing.
Phishing attacks are fake emails designed by criminals to look like they come from a trusted source. The goal is to get you to click on links or open attachments, giving the criminals access to your data. Phishing attacks cause HIPAA violations.
The phishing campaigns throughout COVID-19 use malicious Microsoft Word documents, Visual Basic Scripts, Zip compressed files, JavaScript, and Microsoft Executables to gain a foothold in various healthcare networks. The FBI suggests that the purpose is to allow follow-on exploitation and data exfiltration.
In the alert, the FBI provided indicators of compromise for the ongoing phishing campaigns to allow network defenders to take action to block the threats and protect their environments against attack.
Increase in Phishing Scams due to COVID-19
The COVID-19 pandemic has seen an increase in email impersonation attacks on businesses, according to the latest State of Email Security report from Mimecast.
Here are some statistics from the Mimecast report:
- In the first 100 days of COVID-19, email impersonation attacks increased by 30%
- Respondents detected an average of 9 email or web spoofing incidents in the past year
- 51% of respondents said ransomware had impacted their business in the past 12 months
- The attacks cause an average of 3 days of downtime
- 58% of respondents said there had been an increase in phishing attacks over the past 12 months
Lack of Employee Training
Even though there is a high risk of experiencing an attack, there is still a lack of preparedness, and the value of regular security awareness training for the workforce apparently isn’t appreciated. 55% of respondents said they do not provide security awareness training to the workforce on a regular basis and 17% said they only provide security awareness training once a year.
Mimecast reports that human error plays a role in half of the world’s data breaches. Mimecast writes, “if employees are expected to be ‘the human firewall’ or ‘the last line of defense,’ organizations need to invest in them as such.”
Stay HIPAA Compliant with Smart Training
HIPAA training is a legal requirement for covered entities. Phishing scams can be avoided if you train your employees to spot them. Smart Training can help with our Breach Prevention training module.
Keep your patient data safe by training your employees with Smart Training.