The term is “Trendjacking”, and it refers to spammers and malware authors using current trends to trick you into opening malicious email messages.
Trendjacking scams are emails that appear to come from CNN or other news sources. The email will be about a current newsworthy subject such as NSA spying or a celebrity scandal. Its purpose is to get you to click on a link that takes you to a website. Thom describes what happens when a person clicks on one of the links:
The message payload for the fictitious email might be a harmless (though annoying) ED medication ad. More often, however, the message contains a link that directs your web browser to a website that contains a “meta-sploit” attack – shorthand for a multiple vector shotgun-styled attack that throws every known hack at your computer in hopes of finding unpatched software that can be exploited. The end game of the exploit is to install a virus or malware on your PC, Mac, or even your smart phone.
Once your computer, smartphone or tablet is infected through such an exploit, any information on the device or information that you access (e.g. patient information from an EHR) could be at risk.
Thom correctly points out that one of the best ways to protect yourself from phishing or Trendjacking scams is to be skeptical about emails. If an email does not look legitimate, don’t click on the link. Employee education and awareness about these types of phishing scams could work much better than relying on anti-virus or spam-filtering software alone.
How do you defend against it? The best defense is education and a healthy dose of skepticism. It’s unfortunate, but you must be on guard at all times. The next best thing is to rely on hosted email security. Though nothing can be 100% effective, a quality spam and virus countermeasure will reduce the likelihood of the messages reaching your inbox. The quarantine reports are actually rather educational since you see multiple variations of the same threats.
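As an added example (not from the original post or from Thom), the "does this email look legitimate" check can be partly automated: flag a message whose From display name claims a news brand while the sender domain or the link targets belong to someone else. The brand list, the sample message and all function names below are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brands you expect to be imitated, mapped to their real domains.
BRAND_DOMAINS = {"cnn": {"cnn.com"}}

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """\
From: "CNN Breaking News" <alerts@news-update.example>
To: staff@clinic.example
Subject: Breaking: celebrity scandal video
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Watch the full story:
<a href="http://video.cnn.com.watch-now.example/story?id=1">http://www.cnn.com/video</a></p>
</body></html>
"""

def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def html_bodies(msg):
    """Yield the decoded text of every text/html part."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            yield part.get_payload(decode=True).decode("utf-8", "replace")

def review(raw):
    """Return (kind, brand, host) findings for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if not re.search(rf"\b{re.escape(brand)}\b", display, re.I):
            continue  # sender does not claim to be this brand
        sender_host = addr.rpartition("@")[2]
        if not host_in(sender_host, domains):
            findings.append(("sender", brand, sender_host))
        for body in html_bodies(msg):
            for url in re.findall(r'href\s*=\s*["\']([^"\']+)', body, re.I):
                link_host = urlparse(url).hostname
                if link_host and not host_in(link_host, domains):
                    findings.append(("link", brand, link_host))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A finding is a reason to quarantine or look closer, not proof of malice: legitimate newsletters sent through third-party mail services will also trip the sender check.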
HIPAA regulations require HIPAA security training and periodic reminders. Make sure your employees understand phishing scams and the risk to patient information.