back to article Health workers are top of phishers' target lists thanks to data value

Nurses are among the groups most heavily targeted by email scammers because of the value of the data they can access, according to email security biz Proofpoint's Adenike Cosgrove. Cosgrove, an infosec strategist for Proofpoint, told The Register that not only are nurses and other frontline healthcare professionals at the top …

  1. Version 1.0 Silver badge

    This has been going on for a while

    We're in the medical industry and we've seen a big uptick in virus deliveries, spam and infection attempts since November.

  2. Handlebars

    Had a couple of people caught out by a pay rise scam where you had to register your bank details to get the rise. I don't blame nurses for not being IT experts, but I thought the promise of a double digit pay rise in the NHS should have raised their suspicions.

    1. Anonymous Coward
      Anonymous Coward

      Probably it would have sailed through if it was signed by Boris, he's promising everyone more money - standard phishing mode.

      1. BebopWeBop Silver badge

        You might scoff, but before Christmas, I was on a regular visit to a relative who is in an NHS facility, and I listened with some amusement to care workers discussing Johnson et al - "well he is going to deliver 50,000 more nurses and 20,0000 more police, so I support him'. People do believe them and many of them vote.

  3. Doctor Syntax Silver badge

    "We blanket-train people into saying don't enable macros, don't open Word documents, yet HR professionals get emails they're not expecting every single day. Their job is to open them! So now you're telling me that I shouldn't do my job?"

    Perhaps your job should be to require candidates to send CVs as plain text, Word documents will be deleted unread. Mail will be read as plain text so trying cute formatting with HTML will make it look like junk.

    This may disadvantage those trying to make a poor CV look better with lots of window dressing. That in itself may be an advantage to your employer.

    1. Robert Helpmann?? Silver badge
      Childcatcher

      A number of businesses I have dealt with recently require you to submit your resume/CV through a web form often with an option to drag a document into it and let the site parse out everything for you. While this does present some surface area to attack, it is nowhere near as bad as the send email attachment route.

    2. Version 1.0 Silver badge

      And they follow the rules until they get an email that promises a new order, custom delivery or a virus update that just needs them to go to a link. How many people know that an image (.img) attachment is not a picture?

      1. Pascal Monett Silver badge
        Facepalm

        Thanks to Microsoft having had the brilliant idea of hiding file extensions, I'd wager that that number is probably in the billions.

    3. big_D Silver badge

      We block Word and Excel documents in old formats and macro enabled formats at the perimeter.

      But if a prospective employee is so stupid as to send a Word document, let alone one with macros, they should never make it into the initial selection process!

      1. the Jim bloke Silver badge

        Should be clearly stated on the HR submission web page

        Word and Excel format documents will be deleted, un-opened

        with a description of what is an acceptable format. It may detract from their pretty corporate style statement but ...fuck their pretty corporate style statement...

        1. BebopWeBop Silver badge

          A simple intelligence filter.

  4. BigE

    Why do nurses need external email?

    Why do staff who have blanket access to patient details have external email? Why don't hospitals have an red and black network like the mil? I mean it's not like they have to lookup webmd for advice is it?

    1. BebopWeBop Silver badge

      Re: Why do nurses need external email?

      There are many reasons, not very many of them good. But I suspect the most compelling for administrators who want the systems to be used is "because it is easy".

  5. big_D Silver badge

    HR

    HR professionals too. Their job is to open those emails, open those Word documents. Their job is to enable the macros so they can read the CVs!"

    Sorry, no, their job is to filter out anybody stupid enough to send a CV in a Word document and especially anybody clueless enough to send one with Macros!

    1. Doctor Syntax Silver badge

      Re: HR

      Unfortunately HR recruited people for HR who are too stupid to realise that. HR are recursive.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020