
Readers Write: Spotting a Spoofed Email in Healthcare

December 22, 2016 | News

Spotting a Spoofed Email in Healthcare
By Matt Mellen


Over the past year, healthcare organizations of all sizes have been impacted by cyberattacks. Most of them involve malware of one sort or another. As a former security operations lead at a hospital network in the San Francisco Bay Area, I learned what my research at Palo Alto Networks has confirmed: by far, the most common way for malware to make its way into healthcare networks is through spoofed emails.

Spoofed emails are intended to fool the recipient into clicking a link or attachment that’s actually malicious. Once the link or attachment is clicked, malware is typically downloaded and executed on the hospital workstation. There are plenty of technical approaches to filtering out these types of emails, but none are perfect. For that reason, it’s always prudent to also take some steps to educate your staff to help prevent them from clicking on malicious links and attachments in emails.

I’ll outline a few ‘tells’ or things your staff should look for to spot spoofed emails.

Tell #1. Look for Warning Signs
Before you click a link, look for warning signs that will help you determine its legitimacy. For example, was it sent by an unknown sender? Is it unsolicited? Are there any missing or replaced characters? Is it a shortened URL? If you’ve answered “yes” to any of these questions, you may have received a phishing link.

Tell #2. Unofficial “From” Address
Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address. Fraudsters often sign up for free email accounts with company names in them (such as “hospitalABC@gmail.com”). Users that don’t carefully review the sender’s email may miss the suspicious sending address.

Tell #3. Emotional Motivators
Fraudsters often prey on emotions to drive users to click on a link immediately. Emotions like fear, urgency, and curiosity are effective and frequently used. Additionally, be wary of emails containing phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.” The fraudster is taking advantage of your concern to trick you into providing confidential information.

Some examples:

  1. You have a new voicemail.
  2. Your mailbox is almost full.
  3. You have a new e-fax.
  4. We have detected a fraudulent credit card charge.
  5. Your account has been locked.
  6. View your invoice.
  7. Your package is at the front desk.

Tell #4. Generic Content
Fraudsters often send thousands of phishing emails at one time. They could have your email address, but they usually don’t know your name. Be skeptical of emails with a generic greeting like “Dear Healthcare Professional” or “Dear Customer.”

Tell #5. Grammar and Spelling Mistakes
Fraudsters will often make spelling or grammar mistakes when creating a phishing email. If an email sounds unprofessional, this is a red flag that the email may be a fake.

Tell #6. Fake and Obfuscated Links
Phishers include links in their emails to lure you to fake sites that look like the real ones to steal your login credentials, or to sites that will infect your computer with malware. To find out where a link is really taking you, always hover over the hyperlink. If the URL that is displayed is only an IP address, does not match the URL that is shown in the email content, or is long and confusing but includes a familiar term, you are likely looking at a phishing link.

For example: https://login.hospitalXYZ.com.av6shj825.com/login.htm
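As an added example (not part of the article), a small Python checker that turns Tells #1, #2 and #6 into code: it flags a bare IP host, a URL shortener, a familiar name sitting inside someone else's domain (as in the sample link above), a domain label one character away from the real name, a displayed URL that differs from the hover target, and an organization name in a free-mail sender address. The shortener list and the sample hospital domains are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlparse
# Constructed list of common URL shorteners (assumption; extend for your environment).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

def _edits(a, b):
    """Levenshtein distance, used to catch a missing or replaced character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _host(url):
    """Lower-cased host name of a URL or bare domain."""
    return (urlparse(url if "://" in url else "https://" + url).hostname or "").lower()

def link_tells(href, org_domain, display_text=""):
    """Tells for a link: href = real target on hover, org_domain = hospital's own domain, display_text = URL shown in body."""
    tells = []
    host, org = _host(href), org_domain.lower()
    org_name = org.split(".")[0]
    try:
        ipaddress.ip_address(host)
        tells.append("bare IP address")
    except ValueError:
        pass
    if host in SHORTENERS:
        tells.append("shortened URL")
    on_org = host == org or host.endswith("." + org)
    # Familiar name present but the real domain is someone else's (login.hospitalXYZ.com.av6shj825.com)
    if org_name in host and not on_org:
        tells.append("familiar term inside a foreign domain")
    # A label one edit away from the real name, e.g. hospita1xyz (Tell #1's replaced character)
    if not on_org and any(0 < _edits(lbl, org_name) <= 1 for lbl in host.split(".")):
        tells.append("missing or replaced character in domain")
    if display_text and _host(display_text) != host:
        tells.append("displayed URL differs from real destination")
    return tells

def sender_tells(from_address, org_domain):
    """Tell #2: organization name in a sender address that is not on its domain."""
    local, _, domain = from_address.lower().rpartition("@")
    org = org_domain.lower()
    if domain != org and org.split(".")[0] in local:
        return ["organization name in a non-official sender address"]
    return []
```

The same checks can run in a mail gateway rule or a user-reporting tool, so that the "hover and look" habit the article teaches is backed by an automatic second opinion.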

Next-generation security technologies can stop many threats before they even reach the user, but for those that slip through, whether or not the attack is successful depends on the behavior of the staff. If you educate your personnel on what to look for, they’ll be much less likely to make a mistake and click on that malicious link or attachment.

Matt Mellen is security architect, healthcare at Palo Alto Networks in Santa Clara, CA.

