Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.
Phishing attacks have been targeting healthcare organizations with a vengeance. Phishing involves an attacker who sends a fraudulent email designed to lure an unsuspecting victim into 1) revealing sensitive information to the attacker or 2) deploying malicious software on the victim’s computer or its infrastructure. An example of such malicious software is ransomware.
Fortunately, there is a simple acronym that can be used to quickly remember the important steps to identify phishing attacks as they enter your inbox. SLAM is an acronym that stands for a review that involves double-checking the sender, link, attachment, and message before clicking anything in the email that might deploy a download. They often involve an offer for free or dramatically discounted services or benefits from a large, respected organization. Training one’s staff to use the SLAM method or using it yourself could prevent the serious consequences of falling prey to a phishing attack.
How to Use the SLAM Method
The SLAM acronym serves as a reminder of what to determine whether or not an email is fraudulent and can hurt your computer or its infrastructure. S.L.A.M. (sender, link, attachment, message) are indicators that can quickly, easily and immediately reveal when an email is a phishing attempt.
It is always important to check a sender’s email address prior to opening any email. This is because hackers often pose as a trusted entity when sending phishing emails. To check the validity of a sender’s email address, email recipients should hover their mouse over the sender’s name. This reveals the sender’s email address without having to open the email first.
Email addresses should be checked carefully as hackers often change a couple of details so that the email is more convincing. For instance, the email address may have spelling errors, extra letters, or come from a generic domain name. Large companies will always send emails with their company name in the domain address (e.g., email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org).
When sending fraudulent emails, phishing groups will often use a completely different domain name, which can easily be spotted. Those domains often have a subdomain in front of them, too. In the hierarchy of domain names, a subdomain is a domain that sites in front of another domain. For example, here at telehealth.org, you enter training.telehealth.org when participating in any of our online training programs. In the case described above, the well-known company name is first, followed by the name of the attacker next (e.g., email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org. Law enforcement has difficulty staying on top of these phishing domains because many are offshore or are taken down as soon as they catch enough unsuspecting victims.
Most phishing emails contain links within them, prompting recipients to click so that they may gain access to sensitive information, such as protected health information. These links can be used in different ways. For example, a seemingly trusted company sends you an email saying that your login credentials have been compromised or that they’ve recognized a suspicious login attempt. The email then prompts you to click on a link that directs to a webpage to reset your password. To reset the password, you are required to enter your existing password and a new password to replace it. However, this email is not actually from the company that it appears to be, and instead of resetting your password, the hacker uses the webpage to steal your login credentials. The hacker now has access to your account.
Links in emails should always be clicked on with caution. Just like with a sender’s email address, a link should be hovered over prior to clicking on it to check the legitimacy of a website URL. Alternatively, rather than clicking on a link in an email, it is recommended that the email recipient navigate directly to the company website from where an email is seemingly coming. Recipients can also check the validity of a reset link by calling the company in which the email says it’s from (Note: make sure to look up the company contact information yourself rather than relying on contact information within the email itself).
Hackers often use malicious attachments, that when downloaded onto the recipient’s system, allow the hacker access to that system and other devices connected to the same network. Even when a trusted sender sends an email attachment, it is never a good idea to open an unsolicited email attachment. Before opening an email attachment that you were not expecting, you should reach out to the sender directly to confirm its legitimacy.
The last element of the SLAM method is generally the easiest to detect, the message. While many phishing emails have become more sophisticated in mimicking trusted entities, some email messages themselves can easily give away their lack of authenticity.
When the email message contains the following, it is likely phishing:
- A generic greeting (legitimate emails will address the recipient by name)
- Misspellings or grammatical errors
- Strange wording
How HIPAA Compliance Prevents Phishing Attacks
Healthcare organizations that are HIPAA compliant are less likely to be victimized by phishing attacks. HIPAA imposes minimum protections such as encryption, multi-factor authentication, strong passwords, and employee training that protect against phishing attacks. Employee training on cybersecurity best practices is particularly important, as most breaches are caused by human error. Telehealth.org provides Telehealth Cybersecurity Online Training to help your organization become HIPAA compliant and avoid phishing attacks and data breaches.
This Article Contributed by Compliancy Group
Need assistance with HIPAA compliance? Compliancy Group can help!
HIPAA Compliant Cybersecurity for Professionals
Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.