Appointment confirmation spoofing uses an organization's contact lists and its familiar email style, for example that of a healthcare provider, to deliver malicious content to recipients' mailboxes.
Appointment confirmation spoofing as a cybersecurity threat
According to a study published in BMJ Health and Care Informatics, “Phishing is a method of attempting to gain potentially valuable details, such as usernames, passwords or medical data, for malicious reasons, using targeted communications such as email or messaging in which the attacking party encourages recipients to click links to websites running malicious code or to download or install malware.”
Appointment confirmation spoofing is a type of email scam where threat actors impersonate legitimate sources to send fake appointment confirmation messages. They often pretend to be from reputable healthcare providers, like a doctor's office or a hospital, and these emails might look very official.
The scammers' goal is to trick recipients into clicking malicious links or opening attachments, which then infect the recipient's device with malware or harvest credentials and personal information. The tactic can severely compromise email security: when employees fall for these scams, they may inadvertently hand attackers a foothold on the organization's network.
How it is executed
- The first step is targeting and research. Threat actors identify targets and collect information that makes their spoof emails look legitimate, such as the organization's sender addresses and message templates.
- Spoof emails are then crafted to match the style and tone of the organization's real messages, using the collected information, which may itself have been obtained through an earlier cyberattack against the organization.
- Malicious links and attachments are added to harvest information from patients, such as their login credentials, or to install malware.
- The emails are sent to targets drawn from the organization's patient email list. These targets are often older patients.
- Once a recipient clicks the link or opens the attachment, the attackers have what they need and can begin stealing valuable patient data.
Solutions to counter it
- Make use of easily identifiable email security features that patients can recognize, like branded email templates with design elements that are hard for phishers to replicate. Keep in mind that visual branding alone is not proof of origin: an attacker who has received one genuine message can copy its layout, so branding should complement, not replace, sender authentication.
- Use consistent email patterns in language and structure that are easily recognizable. Consistency makes deviations easier for patients to spot.
- Provide a phishing incident reporting mechanism through which patients can report suspicious emails. Advertise the process regularly and encourage patients to check with the organization before responding to a suspicious email.
- Advanced threat detection and response software helps catch the early signs of phishing or unauthorized access. In particular it can surface the reconnaissance stage of an appointment confirmation attack, when patient email addresses and the organization's email style are being collected, for example through unauthorized access to mailboxes or contact lists.
- Use a HIPAA compliant email provider, such as Paubox, that protects against unauthorized access and gives recipients assurance of the sender's identity, for example through properly configured SPF, DKIM and DMARC.
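As an added illustration of what a sender-identity check looks like in practice (example code written for this page, not Paubox's product or the original article's code), the following Python script compares a message's visible From domain with the Authentication-Results header that a receiving mail server records (RFC 8601), and separately flags lookalike domains that an attacker would register to pass authentication under a name resembling the clinic's. The trusted domain clinic.example, the lookalike threshold and the sample messages are constructed assumptions.

```python
"""Flag possible appointment-confirmation spoofing from message headers.

Hypothetical example. Assumes the receiving mail server adds an
Authentication-Results header (RFC 8601) recording SPF, DKIM and DMARC
outcomes, and that the organization knows which domains it sends from.
"""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Domains the clinic legitimately sends from (assumption for this example).
TRUSTED_DOMAINS = {"clinic.example"}

# Matches "spf=pass", "dkim=fail", "dmarc=none" etc. inside Authentication-Results.
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def sender_domain(msg):
    """Return the lowercase domain of the visible From: address."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Collect SPF/DKIM/DMARC outcomes; the top-most (most recent) header wins."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RE.findall(header):
            results.setdefault(method.lower(), result.lower())
    return results


def edit_distance(a, b):
    """Levenshtein distance; a small value between different domains signals a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return the trusted domain this one imitates, or None if it is not a lookalike."""
    for t in trusted:
        if domain != t and edit_distance(domain, t) <= max_distance:
            return t
    return None


def assess(raw_bytes):
    """Return a list of reasons the message looks spoofed; an empty list means clean."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    domain = sender_domain(msg)
    auth = auth_results(msg)
    reasons = []
    # Exact-domain spoof: From claims our domain but DMARC did not pass.
    if domain in TRUSTED_DOMAINS and auth.get("dmarc") != "pass":
        reasons.append(f"claims {domain} but DMARC result is {auth.get('dmarc', 'missing')}")
    # Lookalike domain: authentication may pass because the attacker owns it.
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"sender domain {domain} resembles trusted {imitated}")
    # No authentication data at all: identity was never verified.
    if "dmarc" not in auth:
        reasons.append("no Authentication-Results header; sender identity unverified")
    return reasons


# Constructed sample messages (headers only; not real mail).
LEGIT = b"""From: Appointments <appointments@clinic.example>
Authentication-Results: mx.clinic.example; spf=pass smtp.mailfrom=clinic.example; dkim=pass header.d=clinic.example; dmarc=pass header.from=clinic.example
Subject: Your appointment on Monday

See you then.
"""
EXACT_SPOOF = b"""From: Appointments <appointments@clinic.example>
Authentication-Results: mx.clinic.example; spf=fail smtp.mailfrom=clinic.example; dkim=none; dmarc=fail header.from=clinic.example
Subject: Confirm your appointment now

Click here to confirm.
"""
LOOKALIKE = b"""From: Appointments <appointments@c1inic.example>
Authentication-Results: mx.clinic.example; spf=pass smtp.mailfrom=c1inic.example; dkim=pass header.d=c1inic.example; dmarc=pass header.from=c1inic.example
Subject: Confirm your appointment now

Click here to confirm.
"""
NO_AUTH = b"""From: Appointments <appointments@clinic.example>
Subject: Confirm your appointment now

Click here to confirm.
"""

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("exact-spoof", EXACT_SPOOF),
                      ("lookalike", LOOKALIKE), ("no-auth", NO_AUTH)]:
        print(name, "->", assess(raw) or ["clean"])
```

The exact-domain case is what DMARC was designed to stop, so a failing result there is decisive. The lookalike case is the one that authentication alone misses: the attacker owns c1inic.example, so SPF, DKIM and DMARC all pass, and only a comparison against the organization's real domains catches it. This is why the earlier advice about recognizable patterns matters even when a provider authenticates mail.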
FAQs
What is a threat actor?
It is a person or group carrying out malicious activities against computer networks or systems.
What is the CISA?
The Cybersecurity and Infrastructure Security Agency is a US federal agency that works towards national cybersecurity resilience and reliability.
What is spoofing?
Spoofing is disguising a communication from an unknown source so that it appears to come from a known, trusted source.