Those in the healthcare industry should be aware of a spoofing campaign involving HIPAA Journal. The provider of HIPAA-related news warned that an unauthorized person or group registered an email address using its brand and is contacting physicians to tell them about a “healthcare violation” by a healthcare company. The email is completely fraudulent.

The warning doesn’t name the healthcare company, if a specific one is known at all. HIPAA Journal wants everyone to know that it is not responsible for email that may come from “hipaajournalinfo@gmail.com.” The email also includes a link to the actual HIPAA Journal website, but HIPAA Journal has not yet been able to determine where the link actually takes the clicker.

Below is an example of one of the phishing scams being circulated:

This email shows several of the signs that can identify a message as phishing. The greeting is not properly written, periods are missing, and the grammar is not proper English. However, while this one has obvious indicators, many phishing emails now don’t. It is getting more and more difficult to tell what is phishing and what isn’t, especially with all of the information available about a given person or company on the Internet.
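Even when the wording of a message is clean, the sender address in this campaign is a checkable indicator: the brand name sits in the address while the domain belongs to a free mail provider. The following is an added example, not code from HIPAA Journal, that flags a From: header of that shape. The allow-listed domain `hipaajournal.com`, the free-mail list and every sample header except the Gmail address from the warning are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the brand's legitimate sending domain(s); replace with your own allow-list.
BRANDS = {"hipaajournal": {"hipaajournal.com"}}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # illustrative, not exhaustive


def _squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_sender(from_header, brands=BRANDS):
    """Return a list of findings for one From: header value (empty list = nothing flagged)."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    findings = []
    for token, legit in brands.items():
        if domain in legit or any(domain.endswith("." + d) for d in legit):
            continue  # sent from the brand's own domain or a subdomain of it
        # Look for the brand token in the parts of the header the sender fully controls.
        where = [name for name, value in (("local-part", local), ("display-name", display))
                 if token in _squash(value)]
        if where:
            kind = "freemail" if domain in FREEMAIL else "unrelated"
            findings.append(f"{token} in {'/'.join(where)} but sent from {kind} domain {domain}")
    return findings


# Constructed sample headers; only the Gmail address comes from the warning above.
SAMPLES = [
    "HIPAA Journal <hipaajournalinfo@gmail.com>",
    "HIPAA Journal <news@hipaajournal.com>",
    "Dr. Smith <jsmith@gmail.com>",
    '"HIPAA-Journal Alerts" <alerts@example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A match here is a triage signal only. A From: header that does show the brand's own domain still has to pass SPF, DKIM and DMARC checks before it can be trusted.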

Information gained from social media and business networking sites is valuable to cybercriminals. They can find out a lot of information simply by looking at a person’s profile. Consider what information needs to be made available on social media. If it’s not critical, don’t post it. The details can be used for targeted phishing, particularly business email compromise (BEC) or W-2 fraud.

HIPAA Journal is working with Google to close the account associated with this campaign. In the meantime, watch out for this or similar email messages trying to use a well-known brand to scam recipients.