Phishing Scams

We’ve all received a text or an email that seemed a little fishy, whether it came from a suspicious name or a supposed company. There are fraudsters out there who try to trick you into sharing your personal information with them. To keep your business safe, learn how to recognize what’s legitimate and what’s phishing.

Some scammers will send a link they want you to click, which most likely leads to a fake website that looks somewhat legitimate. The link might even lead to malicious software, and if so, your computer could be harmed and your information stolen. And once someone else has your information, they can get into your existing accounts or open new accounts under your name.

According to Healthcare Distribution Alliance (HDA) Pharmaceutical Cargo Security Coalition (PCSC), there are three types of phishing scams making the rounds within the pharmacy industry:

  • Product recall fraud (pharmacy/manufacturer): Posing as an employee of a legitimate manufacturer, scammers call a pharmacy distributor first. While on the call, the scammers indicate there’s been a product recall and that the pharmacy needs to send the alleged “affected” product back.
  • Pharmacy/wholesaler fraud: Scammers pose as a legitimate pharmacy and place an order from the wholesaler. The wholesaler then sends the product to the pharmacy and the scammer contacts the pharmacy and poses as the wholesaler to say they’ve shipped the product to the pharmacy in error. They then ask for the wholesaler to ship it back to them.
  • Bank account/payment fraud: Scammers pretend to be a legitimate wholesaler, and through a business email compromise, contact the pharmacy to let them know the terms of payment for product orders have changed and there’s a new account routing number they need to use when making a payment for an order. The new account is actually the scammers’ account and not where payment should be made.

You need to protect your pharmacy against phishing. You don’t want to fall victim to such an attack, so be sure to avoid clicking suspicious links. If an email or text message feels a little suspicious, take the following steps:

Call the Company

Attempted phishing via text message is sometimes referred to as smishing. It’s a lot harder to notice a smishing scam right away. Don’t assume a site is secure just because its URL starts with “https.” Scammers can buy security certificates for their own fake websites. This is their way to trick you into thinking they’re legit.

If an email, text, or website seems real, or if the communication wasn’t something you were expecting from the company, call their customer service and double check. It may seem like a waste of time, but making that phone call could save you a lot of time and energy in the long run, especially if it keeps you safe from identity theft and the recovery process.

Never use the email address or phone number that the suspicious email provided. Instead, go to the company’s website directly and get the correct contact information. Report to customer service what you received, whether it was in a text or an email, and the phone number or email address it came from.

Evaluate the Content

It’s common for phishing emails to employ urgency or fear tactics to get you to act immediately. Be wary of urgent messages demanding responses or threatening you with consequences for not taking action. Keep an eye out for awkward phrasing, grammatical errors, or generic greetings. These are common signs of a phishing attempt.

Be Wary of Domains that are Shortened or Misspelled

Some scammers will use web addresses that are similar to well-known companies, so always check that the URL is correct. Oftentimes, they have a URL that’s off by a single character, and if so, it might take you to a cloned website that looks identical to a company’s website. Scammers want you to enter your personal information so they can try to use it for fraudulent purposes, such as taking out lines of credit in your name.

Be cautious with links in your emails and be aware that many email providers offer a way to preview a link’s full web address without clicking on it. Have you ever seen a suspicious link in an email? If so, hover over it with your mouse cursor. A pop-up or line should then show up on your screen with the full address, so you can see if it really belongs to the company.

Social Media Phishing is Also a Thing

Phishing scams also happen on social media. Never click on a link from a person you do not know. If a friend or family member shares a link with you that you don’t recognize, be wary. Their account may be compromised, and they may not know. Therefore, they may not realize they’re sharing a fraudulent site. So, if they send something your way that is unusual, contact them offline or through a different platform about the questionable message.

Be Cautious of Attachments

Attachments may seem innocuous, but they can carry malware or ransomware that’s designed to take over your system. Only open attachments from sources you trust, and even then, scan them with reliable antivirus software before opening them. As for unexpected attachments or unfamiliar senders, be cautious and don’t open them.

Beware of Requests for Personal Information

Phishing emails fool people into believing they come from legitimate institutions, such as banks or government agencies. Reputable organizations will never ask you for confidential details in an email. Always contact the organization or person directly through verified channels to confirm the legitimacy of the request.

Don’t feel bad if you accidentally clicked on a link that you think was fraudulent. If you believe you’ve given a scammer your information by accident, visit identity.gov to start your recovery from identity theft. You can place a credit freeze and fraud alert on your credit report right away to protect your data. You’ll have additional steps to recover from the fraud, such as contacting any companies where the fraud occurred and reporting it to local authorities. The quicker you respond to a phishing attack, the better.


How to Prevent Phishing Email Attacks

  • Delete and report suspicious emails
    Promptly delete any emails that are suspicious or appear to be phishing. Report them to your IT contact or email provider to investigate and block similar phishing attempts.
  • Educate your pharmacy employees
    Be sure every team member who has access to your pharmacy networks knows about the risks and signs of a phishing attack. Be sure they know the proper procedure for reporting suspicious emails. Hold a training session and send out reminders so everyone is on high alert for scams.
  • Install a firewall
    A well-managed pharmacy firewall solution is important for keeping your pharmacy’s network infrastructure safe against cyber threats and phishing attempts. With a properly configured firewall, you can block unauthorized access and filter out malicious email traffic. This will enhance your cyber security and keep patients’ sensitive information protected.

More articles from the December 2024 issue:

Elements is written and produced by PBA Health, a buy-side solutions company.