Covered entities may be familiar with display name spoofing, which is a targeted email phishing attack where a hacker impersonates a legitimate email address by spoofing the display name. But display name spoofing has a sister in caller ID spoofing. Both methods involve posing as a trusted source and using social engineering to trick recipients into sharing personal information.
What is caller ID spoofing?
In caller ID spoofing, cybercriminals hide their real phone number and present someone else's number instead, so the recipient's caller ID shows only the spoofed number. Scammers often use a local phone number to get people to trust the caller and answer the phone. They may also spoof a well-known phone number, such as a hospital's, or impersonate a trusted contact.
What is the danger of caller ID spoofing?
Once a person answers the phone, the caller will try to pressure the recipient into sharing personal information such as bank account details. A common healthcare scam is telling the recipient that the caller wants to send a medical device but needs the recipient's Medicaid information first.
Caller ID spoofing is a common problem for healthcare providers. The Henry Ford Macomb Hospital recently had its main phone number spoofed so that caller ID sometimes showed the name of a former doctor. As many as 200 people per day were getting calls from the spoofed hospital number, in which a bad actor told them they were entitled to a refund and asked for bank details.
Phone spoofing does more than steal personal information. It can also damage a healthcare provider's reputation if its phone number is marked as spam, or if people have to think twice about whether their healthcare provider is actually on the other end of the line. That erodes trust between patients and healthcare providers.
How to handle healthcare caller ID spoofing scams
Patients need to be educated on the Federal Communications Commission (FCC) guidelines on how to recognize phone spoofing scams. These tips include never giving out personal information on unexpected calls, and hanging up and then calling a number that you know is legitimate.
The FCC is also working on caller ID authentication. This process will authenticate a phone number's origin and ensure its accuracy, so that people are not led to answer calls from a spoofed number. The goal is to combat robocalls and, in turn, fraudulent callers.
Healthcare providers need to provide a safe and secure way to communicate with their patients. You simply can't afford to lose your patients' trust in your security systems.
Paubox Email Suite is the solution for HIPAA compliant email. Our HITRUST CSF certified software automatically encrypts all outgoing messages and directly delivers emails to a patient's inbox. There's no need for patient portals to safely communicate with your patients.