Coronavirus: Cybercriminals target healthcare workers with email scamDan Kamashu2020-03-13T14:48:36+00:00
Coronavirus: Cybercriminals target healthcare workers with email scam.
Victims receive an email purportedly from the IT team with the subject “ALL STAFF: CORONA VIRUS AWARENESS”, including a link.
Cybercriminal gangs are targeting healthcare professionals with phishing emails about “coronavirus awareness” – part of a wave of scams capitalising on the pandemic.
Sky News has seen a copy of an email scam sent to a number of healthcare organisations that pretends to be from each firm’s internal IT team.
The email – which has the subject “ALL STAFF: CORONA VIRUS AWARENESS” – tells employees that “the institution is currently organising a seminar for all staff to talk about this deadly virus”, asking them to click on a link to register.
The fake email seen by Sky News which has been sent to staff
Victims are taken to a third-party website disguised as Outlook Web App
The link takes anyone clicking on it to a third-party website disguised as an Outlook web app. Anyone who fills in that form ends up giving their details to the hackers.
Cybersecurity firm Mimecast’s head of data science Kiri Addison, who uncovered the scam, says the fraud is one of a “steady stream” of phishing emails sent since the coronavirus outbreak started – most likely from “organised cybercriminal gangs” – although she was unable to name the groups involved or the organisations affected.
“There’s so much uncertainty around coronavirus, they’re just going to prey on people’s fears,” she told Sky News.
Scams taking advantage of COVID-19 have become increasingly common since the beginning of the outbreak.
Last week, the National Fraud Intelligence Bureau (NFIB) issued an urgent warning after identifying 21 cases of fraud involving coronavirus in February, including 10 that conned people desperate to buy face masks.
Earlier this week, Mimecast identified another email scam, in which criminals posed as HMRC and offered victims a tax refund.
Other cybersecurity companies also identified threats, such as websites registered with names related to COVID-19, which are used to steal information or infect their devices with malware.
“As the impact of the virus spreads this activity is almost certain to increase in order to take advantage of individual’s fears and their increasing concern at this time,” Carl Wearn, head of e-crime at Mimecast, told Sky News.
Ms Addison urged people to pay close attention to the provenance of their emails, but admitted that it was hard to stop fraudsters.
“Generally we see people click on links and falling for phishing all the time,” she said. “Phishing is very effective.”
Creative Commons Disclosure
About Mandatory Compliance
Mandatory Compliance is the leading UK provider of CPDUK accredited healthcare and social care training courses, e-learning programs and Ofqual approved qualifications.
Click on the links below to find out more about our accredited e-learning courses and qualifications:
- Business Administration
- Charities and Volunteers
- Child Care Services
- Clinical Commissioning Groups
- Clinical Governance
- Clinical Skills Development
- Corporate Governance
- CQC Compliance
- Education and Training
- Equality and Diversity
- FE Colleges And Universities
- Finance Management
- Health and Safety at Work – Online Training Courses
- Health & Social Care
- Health Law and Ethics
- Human Resource Management
- Information Governance (GDPR)
- IT and Technology Management
- Leadership and Management
- Local Authorities
- Long Term Conditions
- Mental Health Awareness
- Primary Care Services
- Public Health
- Research and Development
- Risk Management
- Safeguarding People at Risk
- Sales and Marketing
- Statutory Mandatory Training
- Work Skills and Development
- Workforce Development.
Contact our Support Team on 02476100090 or via Email for more courses relating to the Care Quality Commission (CQC) and other regulatory compliance requirements.