Email fraud attacks on the healthcare sector increased by a whopping 473 percent between the first quarter of 2017 and the fourth quarter of 2017, according to a new report from Proofpoint, as reported by Health IT Security.
Proofpoint analyzed over 160 billion emails sent across 150 countries in 2017 and 2019 to determine cyberattack trends on the healthcare sector. The researchers found that on average, organizations were targeted by 96 email fraud attacks per quarter during that time period.
Email fraud has skyrocketed in all industries, but in healthcare, providers were targeted by 32 email fraud attacks each month. Not only that, 53 percent were attacked more often: incidents were up from 200 percent to 600 percent during those two years. “Not a single company saw a decrease,” the report authors wrote.
So just how do these email fraud attempts work? According to Proofpoint, the most popular spoofing subject categories for the last two years included the terms “payment,” “request,” and “urgent.” One of the greatest driving forces behind these cyberattacks is wire transfers.
The techniques vary, but the idea is to make the email appear to come from someone the recipient trusts or commonly communicates with for business purposes. The most common methods spoof display names and domains, or leverage “lookalike domains.”
“Webmail services, such as Gmail, are the preferred vehicle for email fraud because they’re free and easy to use,” the report authors wrote. “In email fraud, the attacker simply changes the display name. Email display names are unrelated to the actual address being used.”
During the two-year period analyzed by researchers, 95 percent of healthcare firms were targeted by at least one email attack launched from their own domain. Further, the average organization was targeted with 57 domain spoofing attacks. In fact, every organization included in the study experienced a cyberattack associated with a fraudulent message sent to patients and business partners.
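The three spoofing patterns the report describes (a trusted display name on an unrelated address, a free webmail sender, and a lookalike domain) plus its “payment/request/urgent” subject terms can be turned into a simple triage check on the From: and Subject: headers. This is an added example, not code from Proofpoint or the report; the trusted domains, known senders and webmail list are constructed placeholders, and the 0.8 similarity threshold is an assumption.

```python
from email.utils import parseaddr
from difflib import SequenceMatcher

# Constructed, hypothetical reference data for one organisation (not from the report).
TRUSTED_DOMAINS = {"examplehealth.org", "partnerbilling.com"}
KNOWN_SENDERS = {"jane doe": "jane.doe@examplehealth.org"}  # display name -> real address
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
FRAUD_SUBJECT_TERMS = ("payment", "request", "urgent")      # subject terms named in the report

def lookalike_of(domain, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Return the trusted domain that `domain` closely resembles, or None.

    An exact trusted match is not a lookalike: a message that claims our own
    domain outright has to be judged by DMARC (SPF/DKIM alignment), not by
    string similarity.  Threshold 0.8 is an assumed tuning value.
    """
    if domain in trusted:
        return None
    for candidate in sorted(trusted):
        if SequenceMatcher(None, domain, candidate).ratio() >= threshold:
            return candidate
    return None

def classify_message(from_header, subject):
    """Return a sorted list of flags for the spoofing patterns the report describes."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[1] if "@" in addr else ""
    flags = set()
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected and addr != expected:
        flags.add("display-name-mismatch")   # known name, unrelated address
    if domain in WEBMAIL_DOMAINS:
        flags.add("webmail-origin")          # free webmail account as sender
    if lookalike_of(domain):
        flags.add("lookalike-domain")        # e.g. one swapped character
    if any(term in subject.lower() for term in FRAUD_SUBJECT_TERMS):
        flags.add("fraud-keyword-subject")
    return sorted(flags)

if __name__ == "__main__":
    # Constructed sample headers for a quick demonstration.
    print(classify_message("Jane Doe <jane.doe.ceo@gmail.com>", "URGENT payment request"))
    print(classify_message("Accounts Payable <ap@examp1ehealth.org>", "Invoice"))
```

The flags are triage signals for a reviewer or a mail gateway rule, not a verdict; a mismatch on a known display name or a lookalike domain is worth a hold-and-verify step before any wire transfer is acted on.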
“Despite organizations’ large investments in security, email fraud continues to rise,” the report authors wrote. “Cybercriminals are growing more advanced. And attacks are evading traditional security tools, leaving people as the last line of defense.”
As the tactics are constantly shifting, organizations should employ a multi-layered defense including email authentication (DMARC), machine learning and policy enforcement, and domain monitoring. Other security leaders have also recommended taking some email-related decisions out of users’ hands to bolster security.