
Social Engineering Targeting

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

Attackers are setting up email accounts registered on webmail services such as Hotmail in the name of an employee at a CCG/GP practice or supplier.

Threat details

The attacker uses the email account to target a staff member at the CCG/GP (for example a GP Practice Manager) to convince them to transfer funds to a UK bank account.

Generally, untargeted spam emails containing malicious attachments are easy for the trained eye to spot, whereas targeted (spear phishing) campaigns can be much more convincing: the attacker establishes a dialogue, so the user expects a response containing instructions, a link or an attachment, and is therefore likely to act on it.


Remediation steps

  • Make sure employees are appropriately educated to identify social engineering techniques.
  • Staff with responsibility for managing funds transfers should consider implementing validation checks for requests.
  • Organisations should review staff information that is published on public facing websites.
  • All suspected spam emails received by @nhs.net and @nhs.uk domains should be reported to NHSmail via [email protected] for analysis and blocking. The CareCERT Best Practice pages explain this procedure.
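One way to support the validation checks the steps above call for, as an added example that is not part of the NHS Digital alert: a screen that flags inbound mail whose display name matches a known staff member but whose address sits on a public webmail domain, the pattern the alert describes. The staff names, the webmail domain list, the organisation domain placeholder and the sample headers are assumptions constructed for illustration; only @nhs.net and @nhs.uk come from the alert.

```python
# Added example, not code from the NHS Digital alert. Flags messages whose
# sender display name matches a known employee while the address is on a
# public webmail provider rather than one of the organisation's own domains.
from email.utils import parseaddr
import re

# Organisation domains: nhs.net and nhs.uk are named in the alert; the
# practice-specific subdomain is a constructed placeholder.
ORG_DOMAIN_SUFFIXES = ("nhs.net", "nhs.uk", "example-practice.nhs.uk")
# Assumed list of public webmail providers (the alert names Hotmail only).
WEBMAIL_DOMAINS = {"hotmail.com", "hotmail.co.uk", "outlook.com", "gmail.com", "yahoo.com"}
# Constructed sample staff directory (e.g. exported from HR or the GAL).
STAFF_DIRECTORY = {"Jane Smith", "Dr Alan Jones"}


def _norm(name: str) -> str:
    """Lower-case, drop punctuation and collapse spaces so 'Dr. A. Jones' and 'Dr A Jones' compare equal."""
    return " ".join(re.sub(r"[^a-z\s]", " ", name.lower()).split())


def _is_org_domain(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in ORG_DOMAIN_SUFFIXES)


def classify_sender(from_value: str) -> dict:
    """Classify the value of a From: header.

    Verdicts: 'internal'      - address on an organisation domain
              'impersonation' - display name matches a staff member, address on webmail
              'external'      - anything else (ordinary outside sender)
    An 'impersonation' verdict is the trigger for out-of-band verification of any
    funds-transfer or bank-detail request in the message.
    """
    display, addr = parseaddr(from_value)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if _is_org_domain(domain):
        verdict = "internal"
    elif display and _norm(display) in {_norm(n) for n in STAFF_DIRECTORY} and domain in WEBMAIL_DOMAINS:
        verdict = "impersonation"
    else:
        verdict = "external"
    return {"verdict": verdict, "display": display, "domain": domain}


# Constructed sample From: values: one legitimate, two impersonations, one ordinary supplier.
SAMPLE_FROM_VALUES = [
    "Jane Smith <jane.smith@example-practice.nhs.uk>",
    '"Jane Smith" <jane.smith1234@hotmail.com>',
    "Dr. Alan Jones <alan.jones.gp@outlook.com>",
    "Supplier Billing <accounts@supplier-example.co.uk>",
]


def flag_samples() -> list:
    """Return the sample From: values that the screen would hold for verification."""
    return [v for v in SAMPLE_FROM_VALUES if classify_sender(v)["verdict"] == "impersonation"]
```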

Last edited: 17 February 2020 11:39 am