Popular Social Engineering Cyberattacks and How to Prevent Them

by Brian Bobo, Chief Digital Officer at Greenway Health, 12/14/2022


Did you know that in the first half of 2022 there were 817 cases of data compromise in the United States, affecting over 53 million individuals?

A multinational hospitality group faced an attack that caused their IT system to shut down for 2 consecutive days. After tricking an employee into downloading a malicious piece of software through an email attachment, this hotel chain’s attackers obtained extremely sensitive information that included the password to their internal password vault, QWERTY1234 to be exact. The attackers then began irreversibly destroying the hotel chain’s data, documents, and files.

After persistent login attempts to a ride share company employee’s account, an attacker manipulated an external employee into accepting a two-factor login approval request. The attacker was then able to register their own device for multi-factor authentication (MFA), successfully log in, obtain access to several employee accounts, send messages through the company’s Slack channels, and reconfigure OpenDNS to display a graphic image on internal websites.

The situations mentioned, both occurring in September 2022, demonstrate effective social engineering. Social engineering is the use of social methods to manipulate individuals into divulging personal or confidential information, which can then be used for fraudulent purposes. While these methods are not new, the strength of these continually evolving attacks is alarming and worth noting, as social engineering is a favorite among cybercriminals.

Current Social Engineering Tactics

Phishing

More than 90% of successful cyberattacks begin as phishing emails. Phishing, one of the most common threats to date, consists of attackers sending malicious messages to gain personal, sensitive information. Hoping to obtain financial knowledge, sensitive materials, and system credentials, attackers make these inexpensive messages mimic genuine businesses, and the valuable data obtained can yield high profits.

Using fear and urgency, the attacker’s overarching goal is to make users miss warning signs and trust an email they might otherwise report. These emails mention a restricted account, a password change, or an unrecognized login, to name a few. For businesses, common tactics may include fake invoices that trick payroll into sending money or opening a damaging website.

MFA Fatigue

A strategy rising in popularity among hackers, MFA Fatigue occurs when an attacker runs a script that repeatedly attempts to log in with stolen credentials, resulting in an endless stream of MFA push notifications. Attackers will also send emails impersonating IT support, in hopes of validating the notifications. The end goal is to overwhelm the target by creating a sense of “fatigue,” in hopes that the user approves the MFA request to get the notifications to stop. Alternatively, users who receive multiple MFA requests a day may become used to simply approving them so they can work. If the MFA request is approved, the attacker successfully logs in.
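A defender can look for this pattern in authentication logs. The following is an added example, not part of the original article: it flags a burst of denied or ignored push requests, raises the severity when the burst ends in an approval, and raises it again when a new MFA device is enrolled shortly afterwards. The event names, thresholds, and sample log entries are constructed assumptions, not any vendor's schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (time, user, event); the field names and event
# labels are assumptions, not any vendor's log schema.
SAMPLE = [
    ("2022-09-15 02:10:05", "alice", "push_denied"),
    ("2022-09-15 02:10:40", "alice", "push_timeout"),
    ("2022-09-15 02:11:15", "alice", "push_denied"),
    ("2022-09-15 02:12:02", "alice", "push_timeout"),
    ("2022-09-15 02:13:30", "alice", "push_denied"),
    ("2022-09-15 02:14:10", "alice", "push_approved"),
    ("2022-09-15 02:16:45", "alice", "device_enrolled"),
    ("2022-09-15 09:00:12", "bob", "push_approved"),
    ("2022-09-15 13:30:00", "bob", "push_denied"),
    ("2022-09-15 13:31:00", "bob", "push_approved"),
]

UNANSWERED = {"push_denied", "push_timeout"}

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=4):
    """Return alerts for users whose rejected/ignored pushes pile up in `window`.

    Severity rises when the burst ends in an approval, and again when a new
    MFA device is enrolled within `window` of that approval.
    """
    recent = defaultdict(deque)   # user -> timestamps of unanswered pushes
    alerts = {}                   # user -> alert dict (one per user)
    approved_at = {}              # user -> time of approval that ended a burst
    for ts, user, event in sorted(events):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        q = recent[user]
        while q and t - q[0] > window:
            q.popleft()           # drop pushes that fell out of the window
        if event in UNANSWERED:
            q.append(t)
            if len(q) >= threshold:
                alerts.setdefault(user, {"user": user, "severity": "medium"})
                alerts[user]["burst"] = max(alerts[user].get("burst", 0), len(q))
        elif event == "push_approved":
            if len(q) >= threshold:
                alerts[user]["severity"] = "high"
                approved_at[user] = t
            q.clear()
        elif event == "device_enrolled" and user in approved_at:
            if t - approved_at[user] <= window:
                alerts[user]["severity"] = "critical"
    return list(alerts.values())
```

A user who denies one stray prompt and later approves a legitimate one, like the constructed "bob" entries, produces no alert; only the clustered burst does.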

Pretexting

A manipulative technique that tricks victims into disclosing sensitive information, pretexting involves a fictional situation, developed by an attacker, that results in stolen personal data. During these attacks, hackers will ask targets for specific information, assuring them that it is needed to confirm their identity. These attackers may present themselves as IT, HR, or C-level executives, hoping to validate and obtain your personal information to carry out secondary attacks.

It is important to note that phishing is a tool, whereas pretexting is an attack method. Phishing uses fear to get victims to download dangerous attachments or visit dangerous websites. Pretexting, on the other hand, builds a false sense of trust with the target, strengthening a believable story to avoid detection.

Protect Yourself with Proper Passwords

A strong password is your first line of defense against cyberattacks. Protect yourself with these simple and effective best practices:

– Change your password at least once a quarter.

– Do not use the same password for multiple accounts.

– Utilize unique passwords that are difficult to guess and lengthy. Strong passwords must be at least 12 characters and utilize a combination of letters, numbers, and symbols – try creating a sentence.

– Do not store passwords in unsecured locations like an Excel file on your desktop or Post-it notes on your desk.

– Use multi-factor authentication. This method requires users to provide two or more verification factors to gain access to a resource.

– Consider a password manager. These software applications utilize highly advanced encryption and security designed to store and manage your online passwords.


About Brian Bobo

As Chief Digital Officer at Greenway Health, Brian is responsible for Greenway’s IT organization, overseeing the cloud-based environments of thousands of clients. Passionate about building teams and fostering collaboration, he is skilled at creating long-term cyber strategies. Brian holds a Bachelor of Science from the U.S. Military Academy at West Point and an MBA from the University of Florida, and he serves on the advisory boards of the University of South Florida’s Cybersecurity for Executives program.

Copyright © 2025. HIT Consultant Media. All Rights Reserved.