FBI warns of extortion groups targeting plastic surgery offices



The FBI warns that cybercriminals are using spoofed emails and phone numbers to target plastic surgery offices across the United States for extortion in phishing attacks that spread malware.


After gaining access to the offices' networks, the attackers steal data from compromised systems and use it to extort surgeons and patients.


Documents stolen in these breaches can contain very sensitive data, including personally identifiable information, sensitive medical records, and, in some cases, even intimate photographs taken for medical purposes.


After obtaining this data, the attackers enrich the harvested electronic protected health information (ePHI) with open-source information, such as social media details, to make their extortion attempts more convincing.


"Cybercriminals use open-source information, to include social media, and social engineering techniques to enhance the harvested ePHI data of plastic surgery patients," the FBI said.


"Cybercriminals use the enhanced data as leverage for extortion in Phase 3 and may use it for other fraud schemes."


Then, they reach out to plastic surgeons and patients through social media, emails, text messages, or messaging apps, threatening to share the sensitive ePHI unless an extortion payment in cryptocurrency is made.


To apply even more pressure on the victims, the cybercriminals might also share this sensitive data with the victims' friends, family, or colleagues, as well as create public-facing websites displaying the information. 


The attackers will also promise victims that they'll stop sharing the electronic protected health information (ePHI) upon receipt of the extortion payment.


How to protect yourself from such extortion attempts


The FBI says that surgeons and patients at risk of being targeted can take some proactive steps to protect thei ..
