Don't Get Hooked by a Phishing Expedition

Posted by John Dimaggio on Feb 2, 2016 4:13:46 PM


In today’s fast-paced electronic world, phishing attacks are once again becoming more prevalent. As companies shore up their security footprints, hackers are forced to be more creative to get in, and they usually try to prey on unsuspecting or unknowing users who they hope are too busy to pay attention to the details.

Phishing is an attempt to acquire sensitive information such as usernames, passwords, bank account or credit card details, social security numbers, etc., by masquerading as a trustworthy entity.

A phishing scam is typically carried out with the help of an unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Newer phishing attempts involve incoming phone calls in which the bad guy poses as a representative of a known vendor, claims they haven’t been paid for a past-due invoice, and tries to get someone unsuspecting to wire them payment or provide financial information, check routing numbers, etc. Armed with this information, a criminal can commit identity or financial theft.

Phishing emails often attempt to get you to take urgent action through the threat of a financial loss, litigation, or the promise of a prize or reward. Clicking on a link or attachment in such an email may take you to a fraudulent website or download spyware designed to steal your personal information. Scammers craft their emails and web pages carefully, often copying the web page layouts and logos of the entity they are trying to impersonate. Here are a few tips to help you avoid phishing scams:

  • Be very wary of any unexpected email asking you to click links, open attachments, or download files, especially if financial or other private information is requested.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's identity.
  • If you notice spelling or grammatical errors, be extremely cautious about the validity of the e-mail.
  • Look for ‘https://’ and a lock icon in the address bar before entering any private information.
  • Don't cut and paste a link from the message into your Web browser -- phishers can make links look like they go one place, but actually send you to a different site. 
  • Don't send personal or financial information by unencrypted email.
  • Have an updated anti-virus program that can scan e-mails, as well as a firewall.
  • Remember, the best way to protect yourself is to STOP and THINK before you click.

 BlueOrange Compliance has been providing privacy and security assessments, remediation and guidance since the inception of HITECH, and has over 50 years of experience in technology security, compliance and healthcare. Our national client base consists of hospitals, physician provider practices, LTC Pharmacies, SNFs, LPCs, homecare and hospice and business associates. If you want to learn how BlueOrange Compliance can help you turn HIPAA complexity into HIPAA compliance, visit us at blueorangecompliance.com.