CEO email scam targets 17 US healthcare organizations in 2 weeks

Over the past two weeks, a number of Business Email Compromise scams have targeted 17 U.S., 10 U.K. and eight Canadian healthcare organizations, according to a blog post from IT security company Trend Micro.

One type of BEC scam involves CEO fraud. By impersonating the organization CEO's email account, the scammer cons employees into transferring company funds into a classified bank account. On average, each employee transferred a total of $140,000 to the cybercriminal, according to Trend Micro.

Trend Micro outlined two primary techniques involved in BEC scams.

  • Altered "From" field. In this type of scam, the cybercriminal changes the "From" field in an email to make it appear as though the email came from the CEO. However, the "Reply To" field contains the scammer's email address.
  • Copycat domain names. The cybercriminal uses a domain name that's very similar to the healthcare organization's. Oftentimes, only one character in the domain is changed. The subject line of the email contains phrases such as "extremely urgent" or "due payment."
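
A mail-filtering check for the two techniques above, as an added example that is not from Trend Micro or the original article. The organization domain `hospital.example`, the sample messages, and the function names are constructed for illustration; the lookalike test uses edit distance 1, which covers a changed character and also a single added or dropped one.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "hospital.example"  # assumed: the organization's real mail domain
URGENT_PHRASES = ("extremely urgent", "due payment")  # phrases quoted in the article

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if missing or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw_message, org_domain=ORG_DOMAIN):
    """Return the BEC indicators present in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    subject = (msg["Subject"] or "").lower()
    found = []
    # Technique 1: "From" shows the CEO, but replies go to another domain.
    if reply_dom and reply_dom != from_dom:
        found.append("reply_to_mismatch")
    # Technique 2: sender domain is one edit away from the real domain.
    if from_dom and from_dom != org_domain and edit_distance(from_dom, org_domain) == 1:
        found.append("lookalike_domain")
    if any(phrase in subject for phrase in URGENT_PHRASES):
        found.append("urgent_subject")
    return found

# Constructed sample messages (not real traffic).
SPOOFED = ("From: CEO <ceo@hospital.example>\nReply-To: ceo@freemail.example\n"
           "Subject: Extremely urgent wire transfer\n\nPlease process today.\n")
LOOKALIKE = ("From: CEO <ceo@hospita1.example>\n"
             "Subject: Due payment\n\nSee attached invoice.\n")
LEGIT = "From: CEO <ceo@hospital.example>\nSubject: Board agenda\n\nAgenda attached.\n"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(name, bec_indicators(raw))
```

A Reply-To mismatch also occurs in legitimate mail such as mailing lists and ticketing systems, so the indicators are better combined into a score or a review queue than used as a hard block.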
