Following recent “spear phishing” attacks, the Texas Medical Association cautions its members to be on the lookout for cyber scammers pretending to be TMA President Jayesh “Jay” Shah, MD.
The latest email scams circulating to member physicians ask for credit card donations for TMA fundraising, claiming TMA Treasurer Gregory Fuller, MD, is unavailable and that donors will be repaid. Others ask for personal contact information for an “employee info center,” “task scheduling,” or a “team executive plan.” The scammers, who pose as Dr. Shah, use fake email signatures that do not include an organization-specific domain, in TMA’s case, texmed.org.
These hyper-focused attacks, called “spear phishing,” impersonate specific individuals – usually those with leadership positions within an organization – to steal money or data. At least one physician who thought they were legitimately donating to TMA’s fundraising initiatives has lost money due to the most recent batch of cyberattacks, TMA reports.
“These type of cyberattacks are getting more and more common,” Dr. Shah said. “Remember: TMA will never ask you for money for operational expenses or gifts for other physicians or staff.”
Alan Atwood, TMA’s vice president of technology and administrative services, says official communication from TMA will always include an organization-specific email domain and will never ask for immediate action to give money or donations. Although recent scams have posed as Dr. Shah, Mr. Atwood anticipates in the future cybercriminals may pose as other members of TMA leadership.
Unlike general phishing attacks, which try to scam as many victims as possible, spear phishing involves extensive research to trick targets. Attackers gather personal information, including job titles and organizational structures, to craft highly personalized messages that appear legitimate and trustworthy. These messages apply pressure to targets by including “immediate action required” or “urgent” within the email’s subject line.
Mr. Atwood recommends physicians:
- Exercise caution when opening email attachments from unknown or suspicious sources;
- Call the individual sending the email to confirm if unsure;
- Use two-factor authentication to access their accounts; and
- Hover their cursor over the email address to view a sender’s full email address, which can sometimes reveal that an email is not legitimate.
Although TMA has its own internal cyber protections that flag potential scams and phishing attacks, Mr. Atwood says scammers have increasingly impersonated association leadership to bypass those defenses. TMA members have also been targeted by cybercriminals pretending to be affiliated with TMA, a TMA-authorized vendor, or a county medical society.
Dr. Shah recommends physicians examine the tone of suspected scam emails to check if it matches how the sender usually speaks. As an added layer of confirmation, he says physicians should always call the supposed individual to verify an email’s validity, especially if it asks for financial or private contact information.
TMA offers information regarding common scams, including how to navigate suspicious mailing lists and websites. Physicians can report fraud directly to the Federal Trade Commission.
Physicians also can receive cyber consulting services and cyber liability coverage from the Texas Medical Liability Trust, which typically includes network security and privacy-related exposures such as lost or stolen laptops or theft of patient data.
Alisa Pierce
Reporter, Division of Communications and Marketing
(512) 370-1469