“It will never happen to me.” “I’m too smart.” “I know all the tricks.” My family thinks this way about hackers and car salesmen. Unfortunately, they are wrong. At PCIHIPAA, we work every day to help educate and protect dental and medical offices. We work closely with Office Managers, IT Providers, emergency and incident response teams, cyber insurance professionals, and other cybersecurity first responders. The bottom line is I see more cybercrime than my family does. Maybe it’s my fault they are under attack? It’s definitely my fault I didn’t make sure they were more aware and prepared for today’s risks and vulnerabilities. I’ve decided to share their experiences to help protect you, your business, and your families.
According to ID Agent, there is a cyberattack every 20 seconds. That’s almost as often as my son views TikTok. Most of these attacks are executed by organized crime gangs. And with COVID-19, people are working from home and much more susceptible to scams.
Here’s what’s happened in just the past 30 days:
My In-laws: “The Bank Hack”
My In-Laws checked their bank account and noticed a $10,000 fraudulent withdrawal. Not $10, but $10,000! What? Did someone steal their identity? Did someone hack into their online banking? How can this happen? The answer is we don’t really know for sure. Luckily, the bank restored their balance and they opened up a new account. However, the new account also got hacked. They noticed two small deposits of $.01 and $.03. Beware that unidentifiable small deposits are signs of account access. The hackers were waiting for money to be deposited. Someone obviously stole their bank information, but they can’t identify how. It could have been through e-mail or some other phishing scam. Who knows? The hackers could still be nesting in their computer.
What to do: Besides the obvious of purchasing a lot of pillow cases for your money, you should contact your bank and understand how their fraud department works. Who is responsible for a fraudulent withdrawal? Make sure you turn on all notifications for withdrawals out of your bank account and credit card accounts. Review your account weekly and look for suspicious deposits or withdrawals. Immediately change all passwords on all e-mail, bank and other sensitive accounts. If you are using online banking, make sure you install a firewall in your home, and that your wi-fi router has a difficult password (hackers know all default passwords). Have a professional IT expert check your system, and never access your online bank account through public wi-fi.
My Dad: “The IT Imposter”
My Dad is 83 and still works. Yeah Dad. He received a call at home from the company’s IT Provider that they needed to reconfigure his computer settings because they recently updated the corporate network. Without hesitation, my Dad allowed virtual access to his computer. I know you are thinking this is a double senior moment. However, the hacker used the IT person’s real name. Once my Dad “thought” he was dealing with the IT Provider, he disclosed personal information without considering the potential consequences. His ID was stolen and used to set up lines of credit and fake credit card accounts.
What to do: Notify everyone in your company (and family) about the possibility of imposter behaviors. Never provide your social security number, bank information, or passwords online or over the phone unless you are 100% certain. If something sounds suspicious or too good to be true, it usually is. If you think your ID has been compromised, immediately check with the credit reporting agencies.
My Daughter: “The Gift Card Scam”
My daughter received an email from the company’s CEO asking her to purchase $1,000 worth of gift cards for an event that he was late for. He needed the gift cards IMMEDIATELY and requested that she e-mail the gift card ID numbers once purchased. I know, in hindsight, this sounds very suspicious. However, in the moment, if you receive an email from your boss, most people don’t think twice. “It’s my boss and I’m doing him a favor,” she thought. Luckily, on her way to the store, she called her boss to confirm exactly what he wanted. To her surprise, he said, “WTF?”
What to do: Notify everyone you know about this scam. Establish a rule that you will never request a purchase, or wire transfer of money, via e-mail. Meet with your CFO or finance person and set up a code word for all bank transfers or material purchases. My code word is “areyou100%absolutelypositivelysure?” Inform your family also. LinkedIn is being used to do exactly that – link you to others. It’s public information, and hackers find ways into your e-mail exchanges to extort funds.
In fact, we recently had a client wire money solely from an e-mail request. Through e-mail exchanges, the hacker noticed when exactly the Dentist was boarding a plane. Just upon takeoff, the hacker sent wiring instructions to their accountant. And just like that, wire fraud and goodbye.
- Share the stories.
- Check your credit. It’s free.
- Check and secure your home network.
- Purchase cyber insurance and ID restoration.
- Share e-mail phishing
- Be more aware and cautious.
I hope something in this post helps protect you, your business, and your family.
Jeff Broudy is CEO of PCIHIPAA. They are a leader in PCI, HIPAA and OSHA compliance. PCIHIPAA specializes in helping medical and dental practices mitigate risks related to compliance and data breaches quickly, easily, and affordably. Their team of experts is comprised of certified risk advisors, customer success specialists, incident responders, and compliance lawyers. Since 2012, their OfficeSafe™ compliance program has protected 1,000s of medical and dental practices nationwide.