Future Healthcare

Don’t be scammed

With medical practices a favourite target for fraudsters, Vin Pandha shows what you can do to protect yours from the growing use of social engineering techniques.

Fraudsters now frequently use social engineering techniques to prepare for an attack whose ultimate aim is to steal funds from medical practices run by private consultants and GPs.

They use this approach knowing that it may be possible to get potential victims to divulge passwords or payment authorisation codes or to unwittingly remit funds. They do this by persuading victims that the situation presented to them is normal and the approach can be trusted.

As Dr David Modic, research associate at the Computer Laboratory, Cambridge University, said at the TransUnion Fraud Summit:¹ ‘It’s easier and cheaper for fraudsters to exploit humans than it is machines, so of course this is an avenue they will continue to pursue.’

Fraudsters often start by finding out snippets of publicly available information about the practice and its employees. The internet is often a key enabler, allowing fraudsters to scour a number of records very quickly.

Simple search

A simple name search on an internet search engine can reveal a great deal of personal information that is available online about an individual, some of which we may have forgotten was even there. 

Social media profiles, both professional and social, can show your current employment details and when you are on holiday or checked into a conference all day. Together with information on the practice website and in news articles, this leaves the fraudsters well armed to carry out a fraud attack.

Once they have the background information, the fraudsters move on to more direct contact with the practice itself using social engineering techniques. 

So, what are the key methods fraudsters use to carry out social engineering?