Phishing scam targets doctors with emails from the College of Family Physicians of Canada
College investigating why email was sent to its members, which include 38,000 doctors across Canada
An online phishing email sent from a College of Family Physicians of Canada email address tried to hook doctors with a request to click a link, a Manitoba doctor says.
"I had not one but two emails from the college. I opened each of them, and each of them was requesting to click on a link and pay a large sum of money," said Dr. Michael Hochman, who didn't click the links.
It's not clear how many doctors received the email or whether any were taken in by it, but the college, which has 38,000 members across the country, has acknowledged the emails went out.
"CFPC is investigating a phishing email that was distributed to college members yesterday. We will communicate with them when information is available," said Jayne Johnston, director of communications for the college, which is responsible for establishing standards for training, certification and lifelong education of family physicians.
"The CFPC is aware that an email that was distributed this afternoon includes “… debit confirmation” or “debit invoice” in the subject line. IT IS SPAM. DO NOT OPEN OR CLICK ON ANY LINKS. The CFPC team is following up asap. We regret any inconvenience this may cause." pic.twitter.com/1p36Ni1u5r — @FamPhysCan
Hochman is one of nearly 1,500 doctors in Manitoba who might have received the phishing email. He received the first around 2:45 p.m. Tuesday, and then a second about 10 minutes later.
The family doctor didn't hear directly from anyone at the College of Family Physicians of Canada until around 10 p.m.
"It's disappointing when we have very sophisticated passwords, sometimes multiple passwords that protect our personal information, and to know that very quickly you're one click away from losing and compromising all of that is not a great feeling," he said.
In an email update Hochman received last Thursday, the college said "We confirm that a CFPC email account hosted by a third party was compromised. A detailed investigation is under way."
He received an apology email from the College of Family Physicians on Monday.
The college said it has retained legal counsel and is working with a cybersecurity company, but cannot provide more information due to an ongoing investigation.
Eddie Phillips, a cybersecurity consultant with Shield Networks Inc., said this type of phishing is extremely common.
"This type of assault is a $1.6 trillion industry, meaning they're very motivated to make these as sophisticated as possible in order to fool people," Phillips said.
While the college is investigating this particular breach, Phillips said it's important for an affected business to take the proper steps to restore and protect their system, or the hackers can trick employees again and take further steps to infiltrate the company.
About 90 per cent of these types of privacy breaches happen because hackers are fooling people into clicking the emails and links, Phillips said.
"If you know what to watch for, like urgency or financial impact, then you'll know. Red flags will start to go off," he said.
Hochman said he doesn't know whether other doctors clicked the links, but he's concerned.
"We have so much personal information saved and invested on various online platforms," Hochman said.
"I feel a little jaded, that at some point it's going to affect each of us, and for me, I hope it's not going to happen soon."