Phishing Scam Disguised as Official OCR Audit Communication: What to Look Out for

Phishing scams happen all the time and there was recently one discovered that appeared to come from a government agency. Learn more about it here.

Cyber attackers are becoming more and more complex with every attack. Now, you do not just have to look for email that looks like spam. You should also be aware of emails that may look legitimate but are not. The OCR recently released a statement about a phishing email that is designed to look like official OCR Audit Communication.

Who is Targeted and How this Phishing Scam

The email comes across looking as though there is nothing wrong. It has a mock version if the HHS Departmental letterhead and even the signature of the OCR’s director, Jocelyn Samuels. To the untrained eye, it looks like it is official government communication. So what is the goal of the phishing email? They have set out to target employees of HIPAA covered entities and business associates. In the email, the recipient is prompted to click a link that is warning of possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link does not link back to a government page but instead directs people a non-governmental website that is marketing a firm’s cybersecurity services. The Office of Civil Rights is taking this unauthorized use of their information very seriously and is warning people who may have been targeting to contact them.

How to Avoid Phishing Scams

Phishing scams happen every day. It can sometimes be difficult to determine whether or not an email is legitimate but there are some easy ways to help you determine the difference. Before you click on any links in an email that you think may be suspicious, you should use the following methods to determine it is legitimate.

• Look at the sender. When there is a phishing email, everything else may look correct but it the email address is one you have never received correspondence from before and you do not recognize it, it is possible that it is not a legitimate email.
• Avoid clicking links in an email. The links are where the attackers get to you. Instead of clicking the links, try typing the information in a search bar and getting to the website directly from there. It is a much safer method than clicking the link and realizing you were the victim of an attack.
• Only enter your sensitive data on secure websites. Even if you do click the link in the email and it takes you to a website that looks pretty real but may seem a bit off, never enter your information. You should make sure that the website is secure before you enter in any information. If you do enter the information in, you are giving them full access and permission to hack you.
• If you are ever in doubt, make sure you delete the email. If you even have the slightest idea that the email may be a phishing attempt, so not even click on it. You can always follow up with the company later to see if it was legitimate. It is much better to play it safe than to run the risk if you are in doubt.

Phishing scams are a major way hackers get valuable information. You should always avoid opening suspicious emails and make sure that you are being safe. If you would like more information about phishing scams in New Jersey, be sure to contact eSOZO Computer and Network Services via info@esozo.com or (888) 376-9648. Do not become a victim; play it safe.

Author: Aaron White, Date: 15th December 2016