Social Engineering and Phishing Attacks Resulting in Fraud or Misdirected Payments
An Important Message from HIROC
Fraudulent emails requesting changes to banking information are on the rise in healthcare organizations. This alert is intended to raise awareness of such threats. Please forward this alert to your payment processing departments (e.g. Finance, Accounts Payable, HR).
We recognize that many healthcare organizations are receiving sophisticated fraudulent emails and/or phone calls. These fraudulent messages often request that a person or an organization’s banking information be changed. This scam usually involves impersonating a prominent individual, such as an executive or a trusted supplier.
Two common examples of such threats are:
- An employee in the finance or HR department receives an email from a Vice President of their organization advising the employee to change their banking information for payroll purposes. A copy of a cheque with the new banking information is attached.
- An employee receives an email from a vendor advising to send future payments to a new bank account.
Affected organizations often find out that they were subjected to the scam only when the legitimate payee contacts them about their missing wage or payment. By this time, the fraudster has usually already received and withdrawn the payment from the fraudulent bank account.
At this time, HIROC recommends all healthcare organizations undertake the following steps:
- Do not make changes to an employee's or supplier's banking information based on an email or telephone call. Caller ID spoofing can display the phone number of another individual or organization. If it is not reasonable to meet with the employee or vendor in person, always verify the change by calling them back at the phone number you have on file; ignore the telephone number or email address given in the email request.
- Always double-check the complete sender email address, not just the display name, of any email you received.
- Rush requests are common in this scam. Employees should never feel pressured into making a payment or an immediate change to banking information based on an email. Creating a culture of caution is encouraged.
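The steps above can be turned into a simple triage check that a payment-processing team could run over incoming requests before anyone touches a vendor record. The following is an added example, not HIROC's code and not part of the original alert. It assumes that the team keeps a vendor master record containing each vendor's known email domain and a callback phone number (the `VENDORS_ON_FILE` table, the domain and phone values, and the sample messages are all constructed for the example). It compares the full sender address against the record, flags lookalike domains and urgency language, and always routes a banking-change request to a callback at the number on file; it never approves a change on its own.

```python
"""Triage check for emailed requests to change banking details (added example)."""
from email.utils import parseaddr
import re

# Constructed vendor master records (assumption: the AP system stores this on file).
VENDORS_ON_FILE = {
    "Acme Supplies": {"domain": "acme-supplies.example", "callback_phone": "+1-555-0100"},
}

# Constructed sample messages matching the two scenarios described in the alert:
# a message from the real vendor domain, and one from a lookalike domain
# (capital "I" in place of the lowercase "l" in "supplies").
SAMPLES = [
    {"from": "Acme Supplies <ap@acme-supplies.example>",
     "body": "Attached is the updated remittance form; please use the new account "
             "for all future payments. Urgent."},
    {"from": "Acme Supplies <accounts@acme-suppIies.example>",
     "body": "We changed banks. Please send future payments to the new account ASAP."},
]

URGENCY = re.compile(r"\b(urgent|asap|immediately|today|right away)\b", re.I)
BANK_CHANGE = re.compile(
    r"\b(new (bank )?account|banking (details|information)|remittance|direct deposit)\b", re.I)

# Common lookalike substitutions, applied before lowercasing so "I" folds to "l".
CONFUSABLES = (("I", "l"), ("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"))


def normalize_domain(domain):
    """Fold lookalike characters so 'acme-suppIies.example' compares equal to the real domain."""
    folded = domain
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded.lower()


def lookalike_of(domain, known_domain):
    """True when the domain is not the known domain but folds to it (lookalike spelling)."""
    return domain.lower() != known_domain and normalize_domain(domain) == normalize_domain(known_domain)


def triage(message):
    """Return a list of findings for one message; the request itself is never actioned here."""
    display_name, address = parseaddr(message["from"])
    sender_domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    findings = []

    # Check the complete address, not just the display name, against the vendor on file.
    record = VENDORS_ON_FILE.get(display_name)
    if record is None:
        findings.append(f"sender '{display_name}' <{address}> has no vendor record on file")
    elif sender_domain.lower() == record["domain"]:
        pass  # full address matches the domain on file; still verify any banking change below
    elif lookalike_of(sender_domain, record["domain"]):
        findings.append(f"lookalike domain: {sender_domain} vs on-file {record['domain']}")
    else:
        findings.append(f"display name '{display_name}' but address domain {sender_domain} "
                        f"does not match on-file {record['domain']}")

    # Any banking change is verified out of band, using contact details from the file,
    # never the phone number or reply address supplied in the email.
    if BANK_CHANGE.search(message["body"]):
        callback = record["callback_phone"] if record else "the number on file"
        findings.append(f"banking-change request: verify by calling back at {callback}, "
                        f"not via contact details in the email")

    if URGENCY.search(message["body"]):
        findings.append("urgency language present; do not act under time pressure")
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["from"])
        for finding in triage(sample):
            print("  -", finding)
```

Even the message that comes from the genuine vendor domain produces a callback finding, which is the point of the first recommendation: a matching address is not evidence that the request is legitimate, so the banking change is confirmed by phone at the number on file regardless.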
Additionally, threat actors can gain access to the systems and network through these types of phishing emails. Affected organizations should assess the Information Technology environment for potential malware or Trojan virus infections.
HIROC is committed to providing full support to our subscribers through our expert claims and risk management solutions. If you have been subjected to such loss, please get in touch with us at the earliest opportunity.
As your trusted healthcare advisor, here is an additional resource that may be helpful to you and your team:
If you have any questions, please contact us at firstname.lastname@example.org.