Email Spear Phishing: A New Level of Scary

By Robert McDermott; President/CEO, iCoreConnect

The FBI and ADA recently warned that cybercriminals exploit events like the crisis in Ukraine in order to steal personal information and money. One of the most successful ways to target and succeed is through your email.

Spear PhishingThere are a couple of primary ways you can be targeted. You’ve probably heard of phishing, where cybercriminals use email as their gateway to your personal information. Spear phishing takes email targeting to an entirely new level of scary — your attacker gets to know you. Cyber attackers collect information relevant to you from across the internet so it seems like an email you should expect. Sometimes you may be asked to click a link or attachment, or to respond. If you do, you’ve opened the door for malware to get into your practice management system, accounting and other important applications.

Learn to Spot the Trick

Be cautious when you receive an email from the bank, your IT department or a vendor for example, stating that you need to reset your password or go to a website to update information. Reach out to the sender separately to verify it really came from them.

Don’t Click the Link

A quick way to see if the link is suspicious is to just hover your cursor over it. The URL should point to the site to which the email claims it will be going. If it doesn’t, or you have any doubts, alert your IT team.

Limit Cybercrime Access Points

Protected Health Information should not travel in or out of your general email inbox (Gmail, Yahoo!, etc.). The safest HIPAA-compliant email:

  • Meets all five required HIPAA safeguards.
  • Transmits across a private encrypted network.
  • Encrypts email in transit and “at rest” in your inbox.
  • Requires you to initiate first email communication to those outside your network.

Recovering from an attack is much more difficult and costly than preventing it in the first place. Provide ongoing staff education. Assess the security of your HIPAA-compliant email. And implement a plan to send the bulk of your emails through a truly secure HIPAA-compliant email.

iCoreConnect, an MDA Services Endorsed Partner, specializes in comprehensive software that speeds up workflow for dentists. iCoreExchange is an encrypted, fully HIPAA-compliant email. Not one iCoreExchange email has been hacked. Ever. MDA members receive a discount on iCoreExchange. Book a demo at iCoreConnect.com/Mi1 or call 888.810.7706.