Phishing scam targets doctors with emails from the College of Family Physicians of Canada

An online phishing email sent from a College of Family Physicians of Canada email address tried to hook doctors with a request to click a link, a Manitoba doctor says.

"I had not one but two emails from the college. I opened each of them, and each of them was requesting to click on a link and pay a large sum of money," said Dr. Michael Hochman, who didn't click the links.

It's not clear how many doctors received the email or whether any were taken in by it, but the college, which has 38,000 members across the country, has acknowledged the emails went out.

"CFPC is investigating a phishing email that was distributed to college members yesterday. We will communicate with them when information is available," said Jayne Johnston, director of communications for the college, which is responsible for establishing standards for training, certification and lifelong education of family physicians.

Hochman is one of nearly 1,500 doctors in Manitoba who might have received the phishing email. He received the first around 2:45 p.m. Tuesday, and then a second about 10 minutes later.

The family doctor didn't hear directly from anyone at the College of Family Physicians of Canada until around 10 p.m.

"It's disappointing when we have very sophisticated passwords, sometimes multiple passwords that protect our personal information, and to know that very quickly you're one click away from losing and compromising all of that is not a great feeling," he said.

In an email update Hochman received last Thursday, the college said, "We confirm that a CFPC email account hosted by a third party was compromised. A detailed investigation is under way."

He received an apology email from the College of Family Physicians on Monday.

The college said it has retained legal counsel and is working with a cybersecurity company, but cannot provide more information due to an ongoing investigation.

Submitted by Michael Hochman

Eddie Phillips, a cybersecurity consultant with Shield Networks Inc., said this type of phishing is extremely common.

"This type of assault is a $1.6 trillion industry, meaning they're very motivated to make these as sophisticated as possible in order to fool people," Phillips said.

While the college is investigating this particular breach, Phillips said it's important for an affected business to take the proper steps to restore and protect their system, or the hackers can trick employees again and take further steps to infiltrate the company.

About 90 per cent of these types of privacy breaches happen because hackers are fooling people into clicking the emails and links, Phillips said.

"If you know what to watch for, like urgency or financial impact, then you'll know. Red flags will start to go off," he said.

Lyzaville Sale/CBC

Hochman said he doesn't know whether other doctors clicked the links, but he's concerned.

"We have so much personal information saved and invested on various online platforms," Hochman said.

"I feel a little jaded, that at some point it's going to affect each of us, and for me, I hope it's not going to happen soon."