5.3.2 Phishing

Phishing is a relatively common social engineering attack and possibly one of the biggest threats to the healthcare sector today.

Social engineering is the process in which a criminal exploits, deceives, and manipulates a victim into giving away personal information.

There are several types of phishing attacks, such as:


Pretexting involves the attacker fabricating or exaggerating a scenario to get the victim’s personal information (PI). The attacker will pretend to be part of a trusted organization and ask victims to confirm their identity, which they will then use for fraud.


In this kind of attack, the attacker will use false promises to get the victim’s attention.

Once the attacker has the victim’s attention, they will ask for the victim’s personal information. When the attacker has finally received the data, it becomes easier for them to infect the system with malware.

Quid Pro Quo

“Quid pro quo” literally translates to “favor for a favor.” This involves attackers pretending to be IT experts providing security services. These services could be as simple as speeding up the internet connection.

Sensitive information is collected from the individual being scammed, and once these hackers have the data, they use it for blackmail or sell it on the dark web.

Email Phishing

Email phishing happens when attackers send out emails to random email addresses. These emails usually have a suspicious URL attached to them.

When the victim clicks on these URLs, their personal information is revealed as their systems get hacked.

Spear Phishing

Spear phishing is directed toward a specific individual or an organization. Emails are sent out with suspicious material to the victim.

While this scam is often used to collect data, it can also be used to infect an organization’s systems with malware.

Notify of
0 Discussions
Inline Feedbacks
View all comments
Post a comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Would love your thoughts, please comment.x