With fraudsters increasingly targeting GP practices, practice managers and doctors need to be aware of the latest scams.
A new guide from the Association of Independent Specialist Medical Accountants (AISMA) outlines five new tactics the thieves are using:
1. CEO fraud – a staff member receives a message from a partner’s email address ordering them to make an urgent, confidential payment. They may not realise that the partner’s email has been hacked.
2. Vishing – victims are duped into giving away passwords and bank details by bogus callers. You may have read stories in the press about people being conned by callers posing as policemen or bank officials, but be aware that similar tricks can be used against surgeries. Vishing is a new version of phishing (email scams), while smishing (text scams) is becoming common too.
3. Malware – malicious files infect the victim’s PC and then monitor keystrokes to detect their password.
4. Ransomware – similar to malware except that the program blocks access to files until the victim pays a ransom fee.
5. Cyber extortion – also involves a ransom demand, but in this case the fraudsters threaten to leak confidential data or post malicious comments.
However, let’s not forget about the old favourites. Invoice fraud is where practice managers receive bogus invoices, or a letter purporting to be from a regular supplier requesting that they change the bank details for future payments. Perhaps the most distressing of all – although admittedly very rare – is insider fraud, typically involving a trusted member of staff under huge financial pressure who is siphoning off money from the practice.
The report concludes that all practices should put controls in place and that it is unreasonable to expect one staff member to take sole financial responsibility for the practice.
To find out more and learn how to safeguard your practice, download the guide.