How to Avoid a Coronavirus "Phishing" Scam in Your Practice
Monday, April 20, 2020
Along with COVID-19 crisis anxiety, health care professionals have a new worry—phishing hackers who reference the virus in an attempt to gain access to systems and devices.
Even if an email appears to come from a trusted source (e.g., friends or government agencies), it could be a phishing scam. These emails try to create a false sense of urgency to get you to click on a link or open an attachment.
To help you be aware of these email tactics, keep in mind the following, not only during the Coronavirus crisis, but also during normal circumstances.
Tips and Best Practices
- Be suspicious of emails, especially those referencing the Coronavirus or another crisis.
- Avoid clicking on links that appear in random emails or instant messages. (It’s generally fine to click on links when you're already on a trusted site.)
- Be aware that phishing emails may claim to be from legitimate companies and links will deceptively appear to be from the company's website.
- Hover over any link before clicking on it and read the URL. Make sure the link goes to the sender's site or to another trust site. If you don't recognize the URL, avoid clicking on the link.
- Beware of emails that do not contain your name, especially those that ask for your information. Most phishing emails will start with something vague like “Dear Customer.” When in doubt, go directly to the source rather than clicking on a potentially dangerous link.
- Be especially wary of emails that ask you to check or renew passwords and login credentials.
- Beware of unusual requests, such as to send a wire transfer (even from people you know). Many phishing emails will appear to come from someone credible to get you to act. If an email appears unusual, call the sender and ask if the email is legitimate.
In addition to being cautious with emails, it can be helpful to take the following precautions:
- Install all available security updates and patches on computers and mobile devices at home and at work. New viruses and malicious sites will appear rapidly as this crisis continues, so be sure to update regularly.
- Be very careful of the top three or four sites when using Google or other search engines. Sometimes these are fake, malicious sites. Pay close attention to the URLs.
- Avoid mixing work and leisure activities on company-owned devices to reduce the risk to your practice’s assets and data. Work activities should be limited to work devices.
- Remove bogus browser extensions (often used for shopping) as they can steal data or download malware.
As always, if you’re not sure about something, contact your information technology consultant.