Skip to main content

Social Engineering Attacks Target Health Sector IT Help Desks

On April 3, 2024, The Healthcare Cybersecurity Coordination Center (HC3) issued an alert to the Healthcare and Public Health (HPH) Sector that threat actors are targeting their IT help desks in a sophisticated social engineering attack. In this instance, threat actors are employing vishing, or voice phishing, as their attack vector.

Social Engineering Attacks target

The Vishing Attack

Posing as healthcare employees in a financial role, threat actors are calling IT help desks using the pretext that their phone is broken, and they are no longer able to receive MFA (Multi Factor Authentication) tokens. The IT help desk employee enrolls a new device in MFA authentication allowing them to “regain” access to corporate resources.

Why the Vishing Attack Works

This attack is successful for several reasons. First, the threat actors diligently researched their targets, likely using publicly available information sources and professional networking sites. As a result, they obtained sensitive information such as the last four digits of the target employee’s social security number and corporate ID number. With this sensitive information, they were able to provide convincing proof of employee identity and company status. Second, they created a sense of urgency by stating they had broken phones that do not accept MFA tokens. Through this sophisticated social engineering scam, they manipulated the IT employees into acting on their behalf. Now with access to corporate resources the threat actors were able to divert legitimate payments and to install malware.

Protect Your Employees and Your Organization

How secure is your organization when an attacker calls your help desk or frontline staff? Our Managed Vishing Service proactively defends against malicious social engineering attacks. The team of experts at Social-Engineer, LLC will simulate realistic vishing calls to test your employees’ awareness and response to potential threats, while providing training on how to recognize and prevent such scams.

We are committed to combating the growing vishing threat by providing valuable insights through our 2024 State of Vishing Report. By analyzing over 16,500 recent vishing calls, we have identified trends and patterns that can help organizations better prepare for and prevent such attacks. Visit our website to download this free comprehensive report and register for a free online seminar with Chris Hadnagy, CEO and Founder of Social-Engineer, LLC, and Dr. Abbie Maroño as they break down the data in the 2024 State of Vishing Report.

Safeguard your business from the dangers of vishing today.

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now