Cybercriminals are harvesting sensitive personally identifiable information (PII) and medical files from plastic surgery offices to extort doctors and patients, the FBI has revealed.
The public service announcement of October 17, 2023 warned that, once the data has been harvested, the attackers demand a ransom from plastic surgeons and patients to prevent this data, which often includes sensitive photos, from being shared.
How the attackers work
The FBI highlighted the three-phase approach that cybercriminals use to launch these scams:
- Phase 1 – Data harvesting. The attackers send phishing messages to plastic surgery offices with the aim of deploying malware. Once the malware has been executed, they harvest electronic protected health information (ePHI) and PII.
- Phase 2 – Data enhancement. Cybercriminals then use open-source information, such as social media accounts, and social engineering techniques to ‘enhance’ the harvested ePHI data, to use as leverage for extortion and other attacks.
- Phase 3 – Extortion. Plastic surgeons and their patients are then contacted via social media accounts, emails, text messages or messaging apps with extortion demands. Sometimes attackers put extra pressure on victims by sharing the sensitive ePHI with family, friends and colleagues, and even on public websites. The cybercriminals tell victims that they will only stop sharing this data if an extortion payment is made in cryptocurrency.
How you can protect against these attacks
The FBI has set out the following advice for plastic surgeons and their patients to reduce the risk of being targeted in this way:
- Strengthen the privacy settings on your social media accounts, such as making your account private. In addition, friends lists should be checked to ensure that they consist of, and are visible to, people you know, and you should only accept friend requests from and follow people you know. Two-factor authentication should also be switched on for logging in to your account.
- Make sure that all online accounts, such as email and social media, are secured with unique and complex passwords.
- Regularly check bank accounts and credit reports for suspicious activity and consider placing a fraud alert or security protection on your credit reports to prevent unauthorized access.
- Report any fraudulent or suspicious activity to the FBI and provide details such as the name of the person who contacted you, the method of contact and the cryptocurrency addresses/bank account numbers of the extortionists.