Here is how it works.
• You (or one of your employees) receives an e-mail from a shipping company (or even from the U.S. Post Office) indicating that they were recently unable to deliver a package to your address.
• It may say something like the address or suite number was incorrect, or that it was after hours.
• It looks very legitimate, and it may even have a package tracking number.
• It usually comes from a person who has an e-mail address that looks like it comes from one of the companies listed above — almost, that is.
• The message says you need to print off the shipping label (attached to the e-mail) and bring it to the post office and pick up your package.
The problem with this is that the attachment contains harmful code that can infect your systems, possibly with either spyware or a virus. In addition, it could install software on your computer that could turn it into a “bot” computer, from which they could launch a cyber attack on the Internet at a later time (when you read about a massive attack that “shuts down” a Web site, frequently a large, public company or a government, that is typically how that is done. An organization uses scams like these to infect a bunch of computers with “sleeper” code, and then, when they want to launch an attack, they send a command to all these computers and voila, another Web site is crashed with thousands of simultaneous visitors. These are known as Denial of Service, or DoS, attacks.)
So you may unwittingly become a player in a world-wide scam that not only puts your systems at risk, but may cause your facility to be black-listed. Recovering from a black-list episode can easily put your facility out of business for several days.
You should inform your staff of this scam as they may be the ones who receive the e-mail and they may think they are doing the ASC management staff a favor by following up on the e-mail because most packages and shipments in healthcare are usually important.
The lesson here is to watch out for scams that take advantage of employees who are doing something in a hurry, something that is routine or seems fairly legitimate.
Marion K. Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.
