Portal-based communication systems have become the latest targets of cybercriminals, despite their popularity for convenience and security. In a recent report, Cofense Inc. shows how attackers bypass these systems by exploiting trust in leading email security providers like Proofpoint, Mimecast, and Virtru.
The Cofense report details a wave of phishing attacks that impersonate the branding and workflows of trusted email security providers. Building on the credibility of well-known companies, attackers have managed to dupe users into leaking sensitive information via fake email attachments, phishing links, and credential-harvesting tactics.
Attackers sent emails that spoofed Proofpoint's secure email branding, including malicious links and HTML attachments. These links directed victims to counterfeit login pages that resembled Proofpoint portals. Victims who entered their credentials inadvertently granted attackers access to sensitive accounts.
Emails claiming to originate from Mimecast included fake attachments and sophisticated language to appear legitimate. Subtle red flags, like mismatched sender domains or the use of free email services (e.g., Gmail), were overlooked by recipients.
Phishing emails used Google Docs links styled with Virtru branding. The links directed users to fake secure email portals designed to harvest credentials.
Portals require usernames and passwords to access content. This dependence makes them prime targets for phishing, where attackers replicate portal login pages to harvest credentials. Moreover, many users reuse passwords across platforms, increasing the fallout of a single breach.
The attackers use trusted brand logos, colors, and layouts to exploit users' inherent trust. In this case study, victims would likely click through malicious emails, as these looked like familiar providers.
Portal notifications are still often delivered by email, which attackers exploit for phishing. These emails can contain embedded malicious links or attachments camouflaged as routine notifications, such as a prompt to access a secure document.
Even though secure email gateways (SEGs) work to filter out malicious emails, they are not error-free. According to Cofense, in 2023, malicious emails that bypassed SEGs increased by 104.5%. More specifically, the report notes that Mimecast impersonation attacks succeeded partly because SEGs did not flag cleverly disguised phishing emails.
Most users tend to act before they think when brand recognition or familiar workflows are involved. For example, the victims in the case study entered credentials into fake portals simply because the design and branding were so convincing.
The report showed a 49% increase in credential phishing attacks from 2022 to 2023, showing how attackers' success rates increase when portal systems rely on user authentication.
Techniques like embedding phishing links in Google Docs, as seen with Virtru, and using HTML attachments, as seen with Proofpoint, show how adaptable attackers are. These strategies bypass traditional defenses, as evidenced by:
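The indicators the report describes (a security provider's branding on mail sent from an unrelated or free webmail domain, HTML attachments, and Google Docs links posing as a secure portal) can be turned into simple mailbox triage rules. The following is an added illustration, not code from Cofense, Paubox, or any of the named vendors; the brand-to-domain mapping, the webmail list, and the weights are assumptions, and the sample messages are constructed.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed mapping of the impersonated brands to the domains they legitimately
# send from; a real deployment would maintain this from vendor documentation.
BRAND_DOMAINS = {
    "proofpoint": {"proofpoint.com"},
    "mimecast": {"mimecast.com"},
    "virtru": {"virtru.com"},
}
# Free webmail senders: the article notes these were overlooked in the Mimecast lures.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}

@dataclass
class Message:
    from_addr: str
    display_name: str
    body: str
    attachments: list[str] = field(default_factory=list)
    links: list[str] = field(default_factory=list)

def _in_domain(host: str, domain: str) -> bool:
    """True if host is domain or a subdomain of it (no prefix-matching tricks)."""
    return host == domain or host.endswith("." + domain)

def triage(msg: Message) -> tuple[int, list[str]]:
    """Return (risk score, reasons). Weights are illustrative, not a vendor's."""
    score, reasons = 0, []
    sender_domain = msg.from_addr.rsplit("@", 1)[-1].lower()
    text = f"{msg.display_name} {msg.body}".lower()
    claimed = [b for b in BRAND_DOMAINS if b in text]  # brands the mail invokes
    for brand in claimed:
        if not any(_in_domain(sender_domain, d) for d in BRAND_DOMAINS[brand]):
            score += 40
            reasons.append(f"invokes {brand} but sent from {sender_domain}")
    if claimed and sender_domain in FREE_WEBMAIL:
        score += 20
        reasons.append("security-provider branding from a free webmail sender")
    if any(a.lower().endswith((".html", ".htm")) for a in msg.attachments):
        score += 25
        reasons.append("HTML attachment (used in the Proofpoint-branded lures)")
    for url in msg.links:
        host = urlparse(url).netloc.lower()
        if claimed and _in_domain(host, "docs.google.com"):
            score += 25
            reasons.append("Google Docs link dressed as a branded secure portal")
        elif claimed and not any(_in_domain(host, d) for b in claimed for d in BRAND_DOMAINS[b]):
            score += 15
            reasons.append(f"link host {host} does not belong to the claimed brand")
    return score, reasons
```

Such rules are a triage aid for a SOC queue, not a replacement for the gateway: they catch the specific lure shapes in this report and should be tuned against real mail flow.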
While other sectors also use portals, those related to healthcare and finance are the most targeted because of the high value of protected health information (PHI). More specifically, the report mentions an 85% increase in SEG bypasses in healthcare.
The report warns, "It only takes one breach to damage a company's financial status, brand reputation, and customer trust."
So, instead of using risky patient portals, providers should use HIPAA compliant emails for user-friendly, convenient, and secure patient-provider communication.
HIPAA compliant email solutions, like Paubox, offer encryption that eliminates unnecessary logins while reducing the risk of credential phishing. It also offers advanced threat detection to identify anomalies in email content.
Furthermore, it uses multifactor authentication (MFA) to reduce the likelihood of attackers using stolen credentials.
Ultimately, it allows providers to share information with patients and among care team members, leading to better coordination of care and improved health outcomes.
HIPAA compliant emails are secure email platforms that adhere to the regulations outlined in the Health Insurance Portability and Accountability Act (HIPAA) to protect patients’ protected health information (PHI).
Yes, HIPAA compliant emails can include attachments containing medical images, documents, or other sensitive information, protecting patient privacy and preventing unauthorized access during transmission and at rest.
Yes, patients can directly email their providers for clarification, and their provider can then respond with a HIPAA compliant email, offering support while maintaining patient privacy.