A new cybersecurity report from Abnormal Security of San Francisco found that the healthcare industry and insurance companies have a 45-60% chance of being the target of a phone fraud attack via email: a sophisticated scam in which scammers send emails to targets asking the targets to call them. In the second half of 2021, these attacks increased by 10%.
In addition, legitimate-looking but problematic business email compromise (BEC) attacks on healthcare systems are on the rise. This happens when a scammer accesses a target’s business email and impersonates the target, then uses that identity to build a rapport with the victim and get them to pay.
“Email attacks increased 10 percent in the second half of 2021. Healthcare systems are also seeing an increase in legitimate-looking but questionable business compromise emails that could cost victims as much as $2.4 billion,” said Crane Hassold, a former FBI analyst and director of threat intelligence at Abnormal Security, in an email forwarded to a representative. “Our report shows that the healthcare industry has a 68.9% chance of receiving a commercial email breach every week.”
The report quantifies how many attacks of each type have occurred, and the numbers are not only large but growing. For example, a large business has a 72% chance of being targeted by phone fraud. That is its weekly risk.
Supply chain attacks, an emerging threat type, are also on the rise: there was a 67% chance of such an attack in the second half of 2021, the report said. In this case, the attacker phishes a target, hoping to infiltrate the target’s email. The attacker then uses the target’s email and contact base to send customers fake invoices, which can be particularly difficult to detect, the report said.
Additionally, the report noted an increase in voice phishing (vishing). Such attacks usually start with an email asking the user to call a number or face some threat, such as a pending charge. For example, the report found scammers imitating companies from Amazon to PayPal to Microsoft to Best Buy. The incidence of such scams increased in 2021, the report said.
Risk extends all the way to top management. The report found that attacks targeting executives increased by 23.9% from June to December 2021.
“A major takeaway from Abnormal Security’s H2 threat report is that cybercriminals are moving from low-value attacks to more sophisticated, high-value tactics that use social engineering to trick recipients into sending money or revealing sensitive information. These threats appear to be not malicious, so they can easily bypass secure email gateways and get into employee inboxes, where they can do significant damage,” Hassold said in an email provided by a representative.
Historically, attacks have included links in emails that scammers want the target to click after opening the email. Software that prevents cyber-attacks often looks for exactly such links. However, this year’s report found that scammers are staying away from links in favor of more sophisticated tactics. Emails often contain no link and instead prompt the target to dial a number, circumventing some traditional protections. In some cases, there is no email, and the crooks call the target directly.
“Cyberattacks are easily the number one threat to organizations today — ransomware attacks, business email breaches and social engineering attacks all have financial implications. Healthcare leaders need to be aware of the changing cybersecurity threat landscape,” Hassold added.
Hassold added: “Going forward, it’s important for healthcare organizations not to overthink cybersecurity. They need to have defenses in place to prevent initial access to corporate networks and invest in robust email security solutions such as Abnormal Security to detect various email attacks and ultimately protect employee inboxes.”



