New Scams and Hackers

In today’s digital age, scams and hackers have become increasingly sophisticated, targeting individuals and businesses alike with tactics that are harder to detect and easier to fall for. From phishing emails and fake websites to ransomware attacks and identity theft, the threats are constantly evolving. As our reliance on technology grows, so does the importance of understanding how these cybercriminals operate and what steps we can take to protect ourselves. This article dives into the world of online scams and hackers, uncovering their methods, motivations, and most importantly, how to stay one step ahead.

Facebook Scammer

One of the recent disruptors is when your Facebook account is hijacked, you are locked out of your account, and you can’t remove the post. This has happened to more than one of my friends. This is what it sounds like:

They state they need to sell personal items for a family member due to the family member going to a care facility or having a medical condition. They list SEVERAL valuable items at very low cost, and ask for a “REFUNDABLE” deposit to hold the item until they “return” and you have a chance to inspect it. They state they will be out of town for a couple of weeks and are sad to have to clear out the home of this beloved person. They restrict comments, so you can’t warn anyone about this scam. They ask interested people to contact them through Messenger, where they will give you a Zelle account. Keep in mind, this transaction CANNOT be reversed, and you are at the mercy of a scammer to return your deposit, which they WILL NOT. Think about this: the people who are “purchasing” these items think they are buying from YOU.

For those who are looking to buy from Facebook (or any other online platform) always remember, if a price is too good to be true, it probably is! NEVER Zelle or Venmo anyone you do not know, or for something like this. Insist on going to look at the items in person BEFORE any transaction is made. If they refuse, it is a scam.

Since the major data breach of 4 billion people, this information has been sold on the dark web. This information includes EVERYTHING needed to impersonate another person. We already sent this warning out last year, but feel the need to repeat…

  • Change passwords
  • Change answers to security questions
  • Enable multi-factor authentication on every account that offers this

Make sure your cell phone or email account that is used for the second authentication is secured with multi-factor authentication. Otherwise, if they hack this account, they will receive the “second” authentication instead of you!

Bank / Credit Card Scams

Scammers can spoof your bank’s phone number. When they call, they will say there has been a suspicious amount charged to your account. They will have your card number, your address, everything EXCEPT the code on the back of your card. If they ask you to give them the number to verify, they are a scammer.

If you receive a text message from your “bank” referring to the same situation or asking you to verify your account, do not click on any links in the text message or email. Call your bank with the number you have, or log in from your browser.

Never say “Yes”

When a person calls you and asks, “Can you hear me?”, never say yes. They may be recording you so they can make false purchases. Instead, reply, “Why are you asking?” If they ask, “Is this Sally Smith?”, ask them, “Why are you asking?” This happened to me a couple of weeks ago. They said, “We are offering a free subscription for your type of industry. Would you like a free subscription?” I asked, “What kind of industry are you offering?” They said, “We have many different industries.” I replied, “BUT you said you had a subscription in MY industry.” They hung up!

Jury Duty / Arrest Warrant

These scammers threaten you with arrest if you do not pay the “fee” for missing jury duty or an outstanding ticket. They typically ask for a gift card, but with all the new scammers using Zelle, I am sure that will be next.

Investment Scams

With all the talk about crypto being the next big thing, scammers are trying to capitalize on this. These scams usually start off with someone on social media offering to show you how to invest in cryptocurrencies. Again, if something sounds too good to be true, it probably is. Warning signs include guaranteed big returns, no risk, and a request for money to be wired or sent through a Zelle-type system.

Renewal / Update Payment Scams

We see many of these emails and text messages targeting consumers, appearing to come from commonly used stores and banks. They use the store/bank logo and add some sort of subscription ID or the last 4 digits of a credit card. Check your own renewal date and the credit card information. They are betting you won’t check and will just click. When you click on the link within the email/text, it could be a virus or a fake URL to gain your login credentials. They also include the “unsubscribe” at the bottom, trying to make this look real. Sometimes the link is really connected to the store; other times, it will take you to a “fake” site and ask for your login credentials.

Job Posting Scams

This is common during the holidays when people are looking for some extra money, but this can happen at any time. They post jobs on social media sites, or sometimes they will contact you via email or a text message. The message usually starts off by referring to an ad you answered. They may use a fake company or impersonate a well-known firm. These scammers offer great pay or state the compensation will be much more lucrative than it really is. Sometimes they offer free gifts if you are a mystery shopper. Keep in mind, there are legitimate companies offering jobs; however, never pay for upfront training, interviews, lists of job openings, or mystery shopping opportunities.

Also, never accept a deposit from a company when they ask you to send back a portion of it.

Remember, legitimate companies do not ask for money from potential employees or salespeople.

What can you do?

If you receive a scam, report it to the FTC (Federal Trade Commission). Although they will not update you on the progress of your report, they share this information with law enforcement to help with investigations. Together, we can help stop this criminal activity and warn others!

https://reportfraud.ftc.gov

Feel free to share this with others. The world wide web (WWW) is the new wild wild west!

Stay safe and alert out there.

If you need assistance with HIPAA Compliance, check out our HIPAA Keeper™. It’s an online compliance system that has everything you need to get compliant and stay compliant! Best of all you will have a HIPAA security analyst to guide you every step of the way!

For more information or to speak to someone about HIPAA Compliance call us at 877.659-2467 or use the contact us form.

Other related articles:

Preventing a Data Breach

Preventing a data breach can feel like a daunting task. However, a well-educated staff is your first line of defense. Although nothing is failsafe, there are many things you can do within your practice to prevent a data breach. We covered this last year, but I thought it might be time for a reminder with the latest breach from Change Healthcare.

Hacking/IT incidents remain the largest category, comprising 77% of the reported breaches. Network servers continued as the largest category by location for breaches involving 500 or more individuals, at 58% of reported large breaches.

If you would like to review the list of breaches, click here: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Many of these start from an unsuspecting employee who clicks on a link or shares information before it has been verified. Most attacks begin from a phishing email, text, or a visit to a website. Once this occurs, many times you are infected with a virus, malware, or ransomware. When this happens, your systems may be frozen, and a DOS (denial of service) begins. Let’s review how to prevent a data breach:

Emails:

What does a fake email look like? First, they are going to look “real” until you take a closer look. Pay attention to the “from” email address. This is the most common place to start. Most email addresses will have a name you are familiar with, but the URL will be different. For example: sally@email.bankofamerica.com. So, look for anything that is “slightly” different. Then, if they want you to click on a link, hover over the link to see if it is really for what they are proposing. I received an email from my “bank” asking me to “Finish the Do-To-List”. I knew I hadn’t started any such list and I hovered over the link. It was to a completely different website. I reviewed the message details and looked up the IP address; it was from Spain. My bank is not in Spain! If you would like to learn more about reading your message details, reply to this email.
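The two checks described above (the “from” domain and where each link really goes) can be run over a saved message. The following Python is an added example, not part of the original article; the known-host list, the sample message, and the names `KNOWN_HOSTS`, `LinkCollector` and `review_message` are constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts copied from mail and bookmarks you already know are genuine.
KNOWN_HOSTS = {"examplebank.com", "www.examplebank.com"}

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append(("".join(self.cur_text).strip(), self.cur_href))
            self.cur_href = None

def review_message(from_header, html_body, known_hosts=KNOWN_HOSTS):
    """Return findings for any sender or link host that is not an exact known host."""
    findings = []
    display_name, address = parseaddr(from_header)
    sender_host = address.rpartition("@")[2].lower()
    if sender_host not in known_hosts:
        findings.append(f"sender '{display_name}' uses unfamiliar domain {sender_host}")
    collector = LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        # The "hover" check: compare where the link goes, not what it says.
        host = (urlparse(href).hostname or "").lower()
        if host not in known_hosts:
            findings.append(f"link '{text}' really points to {host or href}")
    return findings

# Constructed sample (not real mail): familiar name, slightly different domain.
SAMPLE_FROM = "Example Bank <sally@email.examplebank.com.example>"
SAMPLE_BODY = ('<p>Please <a href="https://tasks.unrelated-site.example/login">'
               'Finish the To-Do List</a> or visit '
               '<a href="https://www.examplebank.com/help">our help page</a>.</p>')

if __name__ == "__main__":
    for finding in review_message(SAMPLE_FROM, SAMPLE_BODY):
        print("CHECK:", finding)
```

The comparison is an exact match on purpose: a host that merely contains the familiar name is still reported, which mirrors the advice to look for anything “slightly” different.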

Text Messages:

Text messages are somewhat the same. Look at the top of the message and review who it is from. Most of these will either be from a phone number or an email address that is not from the actual company. NEVER click on any link or call the number in the message. If you receive a message about a purchase and it states you must click to decline, DON’T! Call your bank or credit card company to verify. You must be very diligent with these messages; they try to spoof your bank or card company’s email address by adding something like this: stop@fraud.bankofamerica.com.

Websites:

Websites can be infected with malware, a virus, or redirect the information you enter. Again, it is very important to look at the URL closely before entering any credentials. When visiting unknown sites, you take the risk of being infected. This is difficult to comprehend since we all like to “surf” the web. Many recipe sites have been known to have malware since people do not maintain security on older sites. If you are going to surf, you MUST have very good anti-virus / anti malware software. I am currently using Bitdefender Total Security. When I try to go to a website and the credentials of the site do not match, my software will NOT let me go to the site unless I enter my password for my software. Your IT vendor may utilize something like this. Websites that have not been maintained or have been hacked can present all kinds of problems. Preventing a data breach means that staff members should NOT use their work computers for surfing!

Man-in-the-middle:

Another type of threat is when information is intercepted without a person’s knowledge; this is commonly referred to as the “man in the middle”. When a person uses a public Wi-Fi system, a nefarious character can spoof a legitimate connection and steal information. Depending on the type of activity, a virus or malware could be placed on the device and brought back into the office. This could in turn infect your network.

Zero-day attacks:

Then, there are zero-day exploits that happen when hackers uncover a vulnerability in a system and attack. These are usually widespread and can be all over the world. Developers must work fast to create a patch to correct this deficiency. In the meantime, your systems could be down or destroyed. This is why it is critical to maintain a backup that is not connected to your network.

Ransomware attacks are a real problem, and not just for healthcare but for everyone. They have gone up 70% in just one year. Think about losing everything on your business network or your home computer. It happens, so all these recommendations are for your personal use as well.

The Office for Civil Rights (OCR) released their breach report to Congress. Below are a few highlights.

“OCR’s Reports to Congress provide useful information for everyone on trends in HIPAA complaints and breach reporting,” said OCR Director Melanie Fontes Rainer. “Our health care systems should take note of these trends and address potential HIPAA compliance issues before they experience a breach or receive notice of an OCR investigation. My staff and I stand ready to continue to work with Congress and the health care industry to drive compliance and protect against security threats.”

The HHS 2022 Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance identifies the number of complaints received. Some highlights include:

  • OCR received 30,435 new complaints alleging violations of the HIPAA Rules
  • OCR resolved 32,250 complaints alleging violations of the HIPAA Rules
  • OCR resolved 17 complaint investigations with Resolution Agreements and Corrective Action Plans (RA/CAPs) and monetary settlements totaling $802,500, and one complaint investigation with a civil money penalty in the amount of $100,000
  • OCR completed 846 compliance reviews and required subject entities to take corrective action or pay a civil money penalty in 80% (674) of these investigations. Three compliance reviews were resolved with RA/CAPs and monetary payments totaling $2,425,640.

Feel free to share this blog with your colleagues. We want to educate as many practices as we can since data breaches can be expensive.

©2025 Aris Medical Solutions