Remember the tidal wave of COVID-19 themed phishing scams that swamped businesses in early 2020? That eventually petered out into a trickle as everyone adjusted to the new normal. But just like the virus, COVID-19 phishing scams have come roaring back to global attention. As the Delta variant has become a concern for people worldwide, a new wave of pandemic-themed phishing scams is bringing cybercrime danger to your team’s inboxes.

Always a threat to your practice, phishing risk is ramping up, with a 33% increase in June 2021. Both search volume around the Delta variant and scams related to it started climbing in that month and have continued to surge, showing just how influential new opportunities for phishing around Delta have been in changing the course of cybercrime.

Employees are faced with a host of tempting lures that are being sent out as part of this new crop of fraud attempts. Phishing through attachments has become a big problem, especially through Microsoft Office documents, which account for 44% of the malicious attachments that businesses have seen. Ransomware is just one of the hazards of interacting with malicious attachments.

Credential compromise is a high priority for cybercriminals. Stolen credentials can be sold on the dark web for immediate profit or used down the line to carry out more sophisticated attacks. Cybercriminals are using enticing bait to draw employee interest. In one prominent scam, bad actors are spoofing emails from major company HR departments and state agencies asking employees to confirm health information or provide their proof of vaccination by visiting a fake web page that enables the bad guys to steal their credentials.

Awareness = Alertness

It is vital to train your employees on how to avoid phishing scams. Any time ANY email is received that asks them to click a link to log in and ‘fix’ or ‘update’ an account, they should be skeptical. Check the email address it was sent from - often, that one step will show that the email address is NOTHING like the name the message claims to be from. Navigate independently to the mentioned account, rather than through the link in the message, to see if there are any problems. And lastly, if the message is from someone within your own company, verify it through a phone call.
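The sender check described above can also be run automatically on incoming mail. The Python below is an added example, not part of the original article: it compares the display name in a From: header with the real sending address. The allowlist, the sender names and every domain in it are constructed placeholders.

```python
import re
from email.utils import parseaddr

# Assumed allowlist: names staff expect to see, mapped to the domains those
# senders really use. Every name and domain here is a constructed placeholder.
KNOWN_SENDERS = {
    "hr": {"clinic.example"},
    "human resources": {"clinic.example"},
    "state health department": {"health.state.example"},
}

def _in_domains(domain, allowed):
    # Exact match or a true subdomain; "clinic.example.evil.test" does not pass.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from_header(from_header):
    """Return (verdict, reason) for one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ("suspicious", "no parsable sender address")
    domain = address.rpartition("@")[2].lower()
    name = display.lower()
    # Case 1: the display name itself shows an address from another domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if shown and shown.group(1) != domain:
        return ("suspicious", f"name shows {shown.group(1)}, mail is from {domain}")
    # Case 2: the display name claims a known sender but the domain is not theirs.
    for claimed, allowed in KNOWN_SENDERS.items():
        claims = re.search(rf"\b{re.escape(claimed)}\b", name)
        if claims and not _in_domains(domain, allowed):
            return ("suspicious", f"claims '{claimed}' but mail is from {domain}")
    return ("ok", "display name and address are consistent")

# Constructed From: headers for illustration.
SAMPLES = [
    '"Human Resources" <hr@clinic.example>',
    '"Human Resources" <vaccine-proof@clinic.example.mail-verify.test>',
    '"hr@clinic.example" <notice@unrelated.test>',
    '"Christopher Lee" <chris@partner.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header))
```

A message that passes this check is not proven safe; the check only catches the name-versus-address mismatch, so the independent login and phone-call verification steps still apply.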

Training your employees on how to spot and react to phishing emails is vital, but it’s not the only precaution that should be taken. Sometimes credentials are compromised through no fault of your own, such as when third-party software is breached. To protect against that, it’s important to have identity monitoring in place for your business and personal accounts. This can be a solution such as DarkWeb ID, which will constantly monitor the dark web for any sign of credentials related to your business.

Make a point this month to raise awareness about the cyber security risks your practice faces and to guide your employees on how to respond. By being more aware, you can greatly curb the risk cyber attacks pose to your practice.

Want to increase your security even more? Schedule a cyber security check with Healthcare Technology Advisors today.