Advice follows email scam strike on doctor

By Douglas Shepherd

Smart thinking thwarted a phishing scam that could have resulted in a hefty financial loss for one doctor.

Accountants who are members of the Association of Independent Specialist Medical Accountants (AISMA) were tipped off about the incident by a colleague so that they could make their doctor clients aware of it.

The doctor was using an NHS email address to conduct business with the accountant. At the end of the day on the Friday, the doctor emailed a query about a tax payment. 

On the following Monday, the accountant received the exact same email again, apparently from the doctor, word for word. But it was not a forwarded message. This arose his suspicions and he called the client to discuss.  

The doctor then said he had been in contact with the accountant via email over the previous few days about submitting payment to a different bank account. He recognised that the sort code and account number were unfamiliar, so did not proceed with the payment.  

AISMA reports: ‘Having checked the email records, it transpired that the client was having an email conversation with a cybercriminal masquerading as the accountant. 

‘The hacker had created a very convincing email, replicating the layout of the accountant’s email, including his personal signature.  

‘The email address looked the same as the accountant’s email address, but on closer inspection an ‘O’ had been replaced with a zero, a very subtle change that was hard to spot at first glance. 

‘So, it is likely that the client’s email account had been compromised in some way, this could be via redirecting messages, or the password was leaked and the hackers had full access to the client’s inbox. 

‘Fortunately, in this scenario, both the client and the accountant spotted the ruse and were not fooled by this elaborate attempt to steal money.’

The association issued some tips to help you stay alert and spot phishing attempts like the one described here:

Be wary of any requests to pay into a new or different account. This is known as a ‘call to action’ and is a common trait in phishing emails. If you are unsure, phone and speak to the person involved.

Look at the tone of the email: is it like a normal email you would receive from this contact?  In this scenario, the requests from the hacker had grammatical and spelling errors.

Never email personal or confidential information like bank account details or any personal identifiable information that can be used by cyber criminals. Use a secure method to transfer sensitive information like password protected attachments or use secure online portals.

Protect your online accounts with a strong password and enable two-factor authentication wherever possible.