Manitoba

Phishing scam targets doctors with emails from the College of Family Physicians of Canada

An online phishing email from a College of Family Physicians of Canada email address tried to hook doctors with a request to click a link, a Manitoba doctor says.

College investigating why email was sent to its members which include 38,000 doctors across Canada

Dr. Michael Hochman is one of the nearly 1,500 doctors in the province that potentially received a compromised email from the College of Family Physicians of Canada. (Lyzaville Sale/CBC)

An online phishing email sent from a College of Family Physicians of Canada email address tried to hook doctors with a request to click a link, a Manitoba doctor says.

"I had not one but two emails from the college. I opened each of them, and each of them was requesting to click on a link and pay a large sum of money," said Dr. Michael Hochman, who didn't click the links.

It's not clear how many doctors received the email or whether any were taken in by it, but the college, which has 38,000 members across the country, has acknowledged the emails went out.

"CFPC is investigating a phishing email that was distributed to college members yesterday. We will communicate with them when information is available," said Jayne Johnston, director of communications for the college, which is responsible for establishing standards for training, certification and lifelong education of family physicians.

Hochman is one of nearly 1,500 doctors in Manitoba who might have received the phishing email. He received the first around 2:45 p.m. Tuesday, and then a second about 10 minutes later.

The family doctor didn't hear directly from anyone at the College of Family Physicians of Canada until around 10 p.m.

"It's disappointing when we have very sophisticated passwords, sometimes multiple passwords that protect our personal information, and to know that very quickly you're one click away from losing and compromising all of that is not a great feeling," he said.

In an email update Hochman received last Thursday, the college said "We confirm that a CFPC email account hosted by a third party was compromised.  A detailed investigation is under way."

He received an apology email from The College of Family Physicians on Monday.

The college said it has retained legal counsel and is working with a cybersecurity company, but cannot provide more information due to an ongoing investigation.

This was the suspicious and poorly-spelled email received by doctors in Manitoba and across the country. (Submitted by Michael Hochman)

Eddie Phillips, a cybersecurity consultant with Shield Networks Inc., said this type of phishing is extremely common.

"This type of assault is a $1.6 trillion industry, meaning they're very motivated to make these as sophisticated as possible in order to fool people," Phillips said.

While the college is investigating this particular breach, Phillips said it's important for an affected business to take the proper steps to restore and protect their system, or the hackers can trick employees again and take further steps to infiltrate the company.

About 90 per cent of these types of privacy breaches happen because hackers are fooling people into clicking the emails and links, Phillips said.

"If you know what to watch for, like urgency or financial impact, then you'll know. Red flags will start to go off," he said.

Hochman said he doesn't know whether other doctors clicked the links, but he's concerned.

"We have so much personal information saved and invested on various online platforms," Hochman said.

"I feel a little jaded, that at some point it's going to affect each of us, and for me, I hope it's not going to happen soon."

An online phishing email sent from a College of Family Physicians of Canada email address tried to hook doctors with a request to click a link, a Manitoba doctor says. 3:14

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.