Are they really who they say they are?

Vin Pandha continues her popular series with a look at how criminals attempt to obtain funds fraudulently by targeting surgeries and medical practices using phishing and vishing techniques.


Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. 

The most common form of phishing is via email. Typically, a phishing email will appear to have come from a known or trusted organisation, such as the bank or a government department, and will show a sender’s email address which looks identical or extremely similar to that of the genuine organisation.

When the origin of a fake electronic communication is hidden and the sending information is made to look like it has originated from a genuine source, it is known as ‘spoofing’. Fraudsters can easily and cheaply obtain software which allows them to spoof email addresses.
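A mail filter can tell apart the two cases described above: a sender address that is identical to the genuine one (spoofed) and one that is only extremely similar (a lookalike domain). The Python below is an added example, not part of the original article; the domains, the similarity threshold and the assumption that the practice's own mail server writes the `Authentication-Results` header are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list of organisations the practice really deals with.
TRUSTED_DOMAINS = {"examplebank.co.uk", "tax.example"}
LOOKALIKE_THRESHOLD = 0.85  # assumed similarity cut-off; tune on real mail


def classify_sender(raw_message, trusted=TRUSTED_DOMAINS):
    """Return 'genuine', 'spoofed', 'lookalike' or 'unknown' for one message."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # Authentication-Results is stamped by the receiving mail server (assumed
    # here to be the practice's own, so its DMARC verdict can be relied on).
    match = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    dmarc = match.group(1).lower() if match else "none"

    if domain in trusted:
        # Exact trusted address: only believable if the domain authenticated.
        return "genuine" if dmarc == "pass" else "spoofed"
    for good in trusted:
        # Near-miss domains can pass DMARC, because the sender owns them.
        if SequenceMatcher(None, domain, good).ratio() >= LOOKALIKE_THRESHOLD:
            return "lookalike"
    return "unknown"


def _sample(sender, dmarc):
    """Build a constructed test message (not real mail)."""
    return (f"From: Example Bank <{sender}>\n"
            f"Authentication-Results: mx.practice.example; dmarc={dmarc}\n"
            "Subject: Action required\n\nPlease review your account.\n")


SAMPLES = {
    "genuine": _sample("alerts@examplebank.co.uk", "pass"),
    "spoofed": _sample("alerts@examplebank.co.uk", "fail"),
    "lookalike": _sample("alerts@examp1ebank.co.uk", "pass"),
    "unknown": _sample("sales@supplies.example", "pass"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify_sender(raw))
```

The lookalike sample passes DMARC yet is still flagged, which is why an authentication check alone does not catch addresses that are merely similar to the genuine one.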

In its most basic form, a phishing email is not personalised towards a specific victim and is usually sent to large numbers of people at the same time, in the hope that a percentage of them will take the bait by clicking on a link or opening an attachment contained within the email.

We are all likely to have received some kind of phishing email, either at work or personally, as such a large volume of these emails is sent every day. An example is an email purporting to be from the tax office promising you a tax refund if you click on the link contained within the email. Something that seems too good to be true often is.