How to identify a malicious email

HIPAA compliant email may be a valuable communication channel for healthcare businesses, but it is also one of the top threat vectors for cybercrime.

With the healthcare sector serving as a popular target, it is especially critical for covered entities to learn how to recognize the warning signs.

Malicious emails are evolving

Email-based cyberattacks are on the rise. There were over 260,000 phishing attacks in July

2021 alone, which was the highest monthly number in APWG’s reporting history.

Email phishing remains one of the most common strategies used to trick victims into sharing sensitive information, but more cybercriminals have begun leveraging increasingly sophisticated tactics that can be particularly difficult to detect.

One targeted approach is business email compromise (BEC), which is when a threat actor impersonates a high-level executive to convince an employee to share sensitive information or conduct a fraudulent money transfer. Another method is spear phishing, where attackers gather specific information about an individual to establish credibility to make a scam seem even more legitimate.

The global pandemic has also sparked an uptick in malicious emails, with attacks increasing by 11% in 2020 alone. In addition to exploiting weaknesses in remote environments, cybercriminals are launching email schemes that directly capitalize on fears around COVID-19. In March 2021, a post-vaccine survey scam was used to steal consumers’ personal data. Hackers have also successfully taken over IT networks by claiming to be the CDC and other prominent health groups.

Despite these ongoing advancements, knowing what to look for can help lower your risk. Here are some key identifiers for healthcare professionals to keep top-of-mind.

Check for inconsistencies

Cybercriminals often change email display names to make the message look like it’s coming from a trusted source. To stay vigilant, review both the name and email address before responding to an email. A legitimate-looking email address may also have a few missing or swapped letters upon closer inspection, so be mindful of the small details.

Also, keep an eye out for discrepancies between the email address and domain name. If an email claims to be from a certain business but the domain shows something different, that’s a big tip-off.

Stay skeptical of unsolicited links or attachments

Unsolicited email attachments can hide harmful software such as malware and ransomware, which allow cybercriminals to infect networks and gain access to confidential information. Therefore, it’s wise to be cautious from the start and avoid opening attachments from unknown sources altogether.

Malicious links may also be incorporated into the body of an email, so always exercise caution. Hover over the link with your mouse to see whether the text and actual destination align. Shortened links and URLs with numbers at the end are some more reasons to pause.

Scan for strange language

A poorly written email should always warrant suspicion. This may include broken language, grammar mistakes, misspelled words, or an inconsistent sentence structure.

Generic greetings like “valued customer” and vague signatures can also be red flags, as a valid organization will typically refer to recipients by name and include contact information. If a sender claims to be somebody you know, be wary of any noticeable differences in language or tone.

Be wary of urgent requests

Cybercriminals frequently attempt to scare victims into sharing confidential information. This means that a malicious email may warn you to act quickly and mention the consequences of failing to do so.

An email that instills a sense of pressure or urgency is automatically a bad sign. Legitimate organizations will also not ask for sensitive information over email, such as login credentials or Social Security numbers.

Ways to protect against future threats

To avoid falling victim to a malicious email, the Cybersecurity & Infrastructure Security Agency (CISA) recommends the following best practices:

• If you are not sure whether an email request is legitimate, check previous communications or reach out to the company directly to verify. Avoid using the contact information connected to the request.
• Never provide internal information about your organization unless you are certain that an individual has the proper authority to access it.
• Do not share personal or financial data via email or respond to requests for this information.
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of these attempts.
• Utilize your email and web browser’s anti-phishing features, or contract with a third party for greater security.
• Enforce multi-factor authentication (MFA).

When it comes to malicious emails, educating your employees on how to identify the warning signs is a smart step in the right direction. However, it’s important to keep in mind that human error is ultimately unavoidable. That’s why healthcare providers should take extra steps to safeguard sensitive data by focusing on strengthening inbound email security measures. These proactive measures will prevent malicious emails from reaching employees’ inboxes in the first place.