Catches of the month: Phishing scams for July 2021

Welcome to July’s review of phishing scams, in which we look at criminals’ latest tactics and provide examples of successful frauds.

This month, we delve into the continued success of HMRC scams, look at why healthcare firms need to be particularly careful about the threat of phishing and review a report that analyses how attackers are able to fool people.

HMRC scams continue to cause havoc

The number of officially reported HMRC-branded phishing scams increased from 572,029 in the 2019–2020 fiscal year to 1,069,522 in 2020–2021, according to data obtained under the Freedom of Information Act.

Lanop Outsourcing, the accountancy firm that made the FOI request, revealed that most of the scams claimed to be tax rebates or refunds.

The 690,522 instances that it found represents a 90% increase over the previous year – which is perhaps a sign that scammers are taking advantage of people suffering financial hardship during the COVID-19 pandemic.

As you’d expect, attackers were most likely to target people via email. However, the report also noted SMS scams increased by 52% and scam phone calls rose 66%.

Commenting on the report, Tessian CEO Tim Sadler said: “Impersonating an authoritative organisation like HMRC is a tried and tested way for cyber criminals to create a sense of urgency and fear, to manipulate people into sharing financial information or credentials via phishing or smishing scams.

“And they’ve upped the ante, particularly over the past 12 months, in the hope that by sending more emails, more people might fall for their schemes.”

Andy Harcup, senior director at Gigamon, added: “The fact is that companies cannot neutralise these attacks without full visibility into network traffic and getting complete visibility into potential hostile threats.

“The days of allowing security blind spots to remain unchecked are over and a [sic] getting a complete view of what’s happening and when should now be the new normal in terms of security protocol.”

Test your employees’ ability to detect a scam with our simulated phishing attack

Our Simulated Phishing Attack service sends your employees a mock phishing email without the malicious payload.

This gives you the opportunity to monitor how your employees respond. Do they click a link? Do they recognise that it’s a scam and delete it? Do they contact a senior colleague to warn them?

Healthcare facilities targeted by phishing scams

We’ve talked often about the healthcare sector’s susceptibility to phishing. Such organisations process vast amounts of sensitive data and often lack the resources to invest in appropriate defences, making them ideal targets for cyber criminals.

There was another reminder of that this month, as two healthcare facilities in the US disclosed data breaches that began with phishing attacks.

The first was WMed (Western Michigan University Homer Stryker M.D. School of Medicine), which alerted those affected about a breach that occurred earlier this year.

The names, dates of birth and Social Security numbers of current and former employees were affected, and in some cases the data of employees’ healthcare beneficiaries was also compromised.

A spokesperson confirmed that the breach occurred after someone within WMed clicked a malicious link in an email and provided their login credentials to the attacker.

After discovering the breach, WMed contained the breached email account and worked with a third-party cyber security team to help recover.

A few days later, Five Rivers Health Centers, in Dayton, Ohio, also confirmed that it had fallen victim to a phishing email.

In a statement, the organisation said that an attacker had compromised an employee’s email account and gained access to a vast array of sensitive data.

Patients’ names, dates of birth, addresses, medical record numbers, patient account numbers, medical diagnoses, treatment and/or clinical information, test results, prescription information and health insurance details were all affected.

In some cases, patients’ financial account numbers, payment card numbers, driver’s licence numbers, state identification numbers and Social Security numbers were also compromised.

Credential harvesting is the top tactic employed by scammers

Cyber criminals are most likely to target people using credential harvesting and impersonation techniques, according to a new report.

Avanan’s 2021 Global Phish Cyber Attack Report found that credential harvesting is used in 54% of all phishing attacks.

This is more than double the number of BEC (business email compromise) emails that Avanon found (20.7%), which is often regarded as a more significant threat.

Meanwhile, the researchers found that the most attacked industries are IT, healthcare and manufacturing.

“These industries are the most targeted because they hold incredibly valuable data from health records to social security numbers, combined with the fact that healthcare and manufacturing tend to use outdated tech and often have non-technical board of directors,” the report said.

Can you spot a scam?

Make sure your staff know how to identify and avoid scams with our Phishing Staff Awareness Training Programme.

This 45-minute course uses examples like the ones above to explain how phishing works, what to look out for and the steps you should take to avoid falling victim.