McClelland Advocacy Cyber Alert:
The FBI recently identified a resurgence in a type of malicious computer virus which, when opened, hijacks and encrypts the entire system until a ransom is paid.
How the Scam Works:
The scam starts with an online holiday shopper receiving an email that appears to be a shipping notification for a package, or indicates a problem with the package’s delivery. The email prompts the recipient to open a file or click on a link but once they click, a virus downloads to their computer.
Typically, these viruses phish for personal and banking information on your computer or device, but the FBI recently warned about the resurgence of a type of malware called “ransomware.” Once downloaded, this virus locks the computer and urges the owner to pay a ransom to the scammer responsible.
Like all scams, this one has many variations. The email content and the trusted company being pirated change often. A common version of this scam is a fake delivery failure notification. Scammers claim the attachment, (which contains the virus) is the receipt the consumer needs to collect their package from a local office.
The Better Business Bureau’s Five Tips to Avoid Malware Scams:
- Be wary of unexpected emails that contain links or attachments. As always, do not click on links or open files in suspicious emails.
- Don’t believe what you see. Before clicking on anything, verify the message with the deliverer directly by contacting them at phone numbers or email addresses on their official website. Don’t call or respond using any contact information provided in the original email.
- Beware of pop-ups. Some pop-ups are designed to look like they’ve originated from your computer. If you see a pop-up that looks like anti-virus software but warns of a problem that needs to be fixed with an extreme level of urgency, it may be a scam.
- Watch for poor grammar and spelling. Scam emails are often riddled with typos.
- Avoid taking immediate action. Scam emails try to get you to act before you think by creating a sense of urgency. Don’t fall for it.
Healthcare Organizations must be particularly on guard for these types of vulnerabilities. The obligation to safeguard HIPAA information requires vigilance at every level. We recommend clients communicate these warnings to clients, and revisit and update their email and Internet policies as well as HIPAA policies concerning encryption, mobile devices, and other risk points in the organization’s technical and communication systems.
McClelland Advocacy regularly advises its clients with respect to such issues. Should you require assistance in any of these matters, please contact Michael McClelland at firstname.lastname@example.org