How to educate staff to spot malicious emails
As we saw in 2017, dealing with the impact of cyberattacks is a pressing issue for healthcare organisations of all sizes. The healthcare industry is particularly lucrative for criminals looking to access large amounts of personal data. Unlike a credit card number, which can simply be cancelled, personal health information (PHI) is much more complicated and difficult to deny or restrict access to, so thieves may be able to keep using it for some time even after the loss has been reported.
Aaron Miller, Senior Technologist, Palo Alto Networks, writes: “The most common way for malware, or malicious software, to make its way into healthcare networks is by spoofed email, which is also known as phishing attacks. Spoofed emails are sent to fool the recipient into clicking a link or attachment that’s malicious. These emails fool the recipient into opening a link or attachment that brings malware into the medical clinic’s network. Once launched, malware is typically downloaded and executed on the hospital workstation. Fraudsters can then take actions, steal personal data or other information, or stay dormant and carry out any of these at a later point in time.
“It is paramount that staff are educated effectively to prevent them from opening malicious links and attachments in emails. Here are some points to consider for staff looking out for spoofed emails.
The warning signs
“Ask yourself some of these questions before you click on a link: do you recognise who sent the email? This alone wouldn’t be enough as it could be spoofed even if you do recognise the sender. Additionally, do you spot any replaced characters or spelling mistakes (such as .co.uk becoming just .co)? Is it a shortened URL? Remember that even if your organisation uses shortened URLs, the one you have been sent could be malicious. Often, simply checking with the sender lets you confirm whether the email came from them, if it contains something you were not expecting.
The ‘from’ address
“A generic email domain is a typical tactic to try and trick you. You may, for instance, receive an email from dentalclinicABC@gmail.com – note the part after the ‘@’ sign. Although these email addresses appear like the official one, they are not using an official business domain and may, therefore, be more likely to have been sent by fraudsters.
The content
“Look out for language that seems generic. Often the fraudsters don’t even know your name. One giveaway of an email that contains malware is if the email addresses you generically, such as Dear Customer, Dear Healthcare Professional or Hello. This saves fraudsters time as they often must send out huge numbers of phishing emails. Fraudsters often make spelling or grammar mistakes when creating a phishing email. If you think an email looks or sounds unprofessional, this is a signal that the email may be a fake.
“Fraudsters play on emotions such as fear, urgency or curiosity to trick users into clicking on a link impulsively and without careful consideration. Look out for statements such as ‘we have detected a fraudulent credit card charge’ – banks consistently remind their customers that they will not ask for personal information over email, but in a state of panic it could be difficult to remember this and to think logically. Beware of phrases such as ‘urgent action required’ which encourage you to provide confidential information to rectify a situation.
The URLs
“Phishing emails aim to lure you to either fake sites that look real and try to steal your credentials, or to sites that could infect your clinic’s workstation with malware. However, there are ways to find out where a link is really taking you. One way to recognise fake or obfuscated links is to check if the URL that is displayed is only an IP address, does not match the URL that is shown in the email content or is long and confusing but includes a familiar term.
“These are some tips that form part of the many ways healthcare organisations can minimise the potential impact of successful cyberattacks. Some threats can be stopped before they reach a user, while others can slip through the gaps. It is therefore essential for staff to remain vigilant of such attacks. Small improvements such as educating staff to recognise spoofed emails can better ensure companies are appropriately bolstering their cyber defences.”
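As an added illustration, not part of the article or of any Palo Alto Networks material, the Python below applies the warning signs described above mechanically to a message: a sender on a generic free-mail domain, links whose target is a bare IP address or a URL shortener, anchor text that shows one domain while the href leads to another, and a familiar term placed outside the registered domain. The free-mail, shortener and brand-term lists, the crude registered-domain rule and the sample message are all constructed assumptions for this example.

```python
import re
from urllib.parse import urlparse

# Illustrative lists: assumptions for this example, not taken from the article.
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
FAMILIAR_TERMS = ("nhs", "paypal", "microsoft")  # brand words that lend a link false familiarity
URL_LIKE = re.compile(r"^(https?://)?(www\.)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)
# Good enough for the constructed sample below; a production scanner should use a real HTML parser.
ANCHOR = re.compile(r'<a\b[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def _host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def _registered_domain(host):
    return ".".join(host.split(".")[-2:])  # crude; real code would consult the public-suffix list

def link_warnings(href, text):
    # The article's link checks: bare IP, shortener, shown/actual mismatch, misplaced brand term.
    host, warnings = _host(href), []
    reg = _registered_domain(host)
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        warnings.append("href is a bare IP address")
    if reg in URL_SHORTENERS:
        warnings.append("shortened URL hides the real destination")
    if URL_LIKE.match(text) and _registered_domain(_host(text)) != reg:
        warnings.append(f"displays {_host(text)} but links to {host}")
    warnings += [f"familiar term '{t}' outside the registered domain {reg}"
                 for t in FAMILIAR_TERMS if t in host and t not in reg]
    return warnings

def scan_email(from_addr, html_body):
    # Returns {where: [warnings]} for the sender domain and every link in the body.
    findings = {}
    if from_addr.rsplit("@", 1)[-1].lower() in FREE_MAIL_DOMAINS:
        findings["sender"] = ["generic free-mail domain, not a business domain"]
    for href, inner in ANCHOR.findall(html_body):
        text = re.sub(r"<[^>]+>", "", inner).strip()  # visible anchor text without nested tags
        if warnings := link_warnings(href, text):
            findings[href] = warnings
    return findings

# Constructed sample message mirroring the article's warning signs (not a real email).
SAMPLE_FROM = "dentalclinicABC@gmail.com"
SAMPLE_HTML = """<p>Dear Customer, urgent action required.</p>
<a href="http://198.51.100.7/login">Verify your account</a>
<a href="http://nhs.uk.account-verify.example/reset">https://www.nhs.uk/reset</a>
<a href="https://bit.ly/x1y2z3">View invoice</a>"""
```

Calling `scan_email(SAMPLE_FROM, SAMPLE_HTML)` flags the sender and all three links; a link whose anchor text and href share the same registered domain produces no warning.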