Coronavirus scams hit home


Scams capitalizing on the Coronavirus started hitting the healthcare community shortly after the virus was announced, and they appear to be effective and are still continuing. The attacks aren’t isolated to the healthcare industry, either. Although there are a few different versions of the attacks happening, the most nefarious one plays out as follows.

The attackers are sending emails with malicious attachments from a spoofed CDC email address; one example we’ve seen uses the domain CDC-GOV.ORG. The email claims to provide up-to-date information on the virus along with ways we can protect ourselves. The attacks have become so prolific that the FTC and others have issued formal alerts. Here’s the notification from the FTC:

What the attack actually does is the problem. The most common attack uses a well-known malware variant known as EMOTET. Once inside, EMOTET uses your computer to spread the email to others. It also harvests your network access credentials. Finally, it snoops through your network looking for files of interest and then uploads them to the hacker’s servers.

There are THREE key takeaways we can learn from this:

  1. Read the URL of any website link. A dot ORG domain can be purchased by anyone. A dot GOV URL is only available to government facilities.
  2. When examining the URL, be sure to read the ENTIRE string. We’re seeing attacks now where the actual destination domain is towards the end of the URL string.
  3. Don’t open attachments that you weren’t expecting, even if they come from someone you know and trust.
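
Takeaways 1 and 2 can also be enforced by a mail filter or a training tool. The sketch below is an added example, not part of the original post; the allow-list, the function names and the sample URLs are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption for this example: the only domain we treat as the real CDC.
TRUSTED = {"cdc.gov"}

def url_host(url):
    """Host the browser will really connect to (userinfo and path ignored)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def sender_host(from_header):
    """Domain part of the address in a From: header."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].rstrip(".").lower()

def classify(host, context=""):
    """Return 'trusted', 'lookalike', 'unknown' or 'no-host'."""
    if not host:
        return "no-host"
    # Trusted only if the host IS the domain or a true subdomain of it.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # The trusted name shows up (hyphens read as dots) but the real
    # destination is something else: the pattern from takeaways 1 and 2.
    flat = (host + " " + context).lower().replace("-", ".")
    if any(t in flat for t in TRUSTED):
        return "lookalike"
    return "unknown"

def classify_url(url):
    return classify(url_host(url), url)

def classify_sender(from_header):
    # A 'trusted' result only means the header names the right domain;
    # From: headers can be forged, so SPF/DKIM/DMARC results still matter.
    return classify(sender_host(from_header))

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.cdc.gov/coronavirus/index.html",
        "https://cdc-gov.org/update",
        "https://www.cdc.gov.login.example.net/update",
        "https://www.cdc.gov@files.example.net/advice",
    ]
    for s in samples:
        print(f"{classify_url(s):10} {url_host(s):30} {s}")
    print(classify_sender('"CDC Alerts" <alerts@cdc-gov.org>'))
```
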

Training continues to be your best friend against becoming the victim of a cyber-attack. Don’t let your curiosity about an important event create a lapse in your judgment.

Be well and be safe.

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.

For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.