Social Engineering and Online Fraud Targeting Doctors

In recent times, there has been a noticeable increase in online fraud specifically targeting doctors, primarily through social engineering. A notable example involves a doctor who suffered a significant loss of 1.8 crores rupees due to such fraudulent activities. Social engineering is identified as the predominant method in 80 to 90% of these cases.

Doctors are particularly vulnerable to these schemes due to our limited social interactions beyond our medical practice and family. Our familiarity with the broader societal landscape is often lacking, making us soft targets in various aspects of life. Our social circle mainly comprises fellow doctors, and our primary means of communication revolves around platforms like WhatsApp or specific Continuing Medical Education (CME) sessions.

Finding street-smart doctors is quite uncommon. This rarity may stem from societal expectations, as we are molded not to be street-smart; instead, our medical education emphasizes adhering to ethics. Combined with the substantial amount of course material we absorb, it leaves us less proficient in navigating other aspects of life.

This vulnerability exposes us to various challenges in life, including instances of violence against doctors. In this article, I will focus on the concerning issue of online fraud.

Realife Examples of Social Engineering?

Instagram and Facebook Fraud:

I'll start by sharing a recent personal experience. A couple of my friends contacted me, revealing that an individual had created a fake Instagram account using my name. This imposter claimed to be in urgent need of money. Honestly, I'm skeptical about having an Instagram account, and similar impersonation incidents have been reported by many of my fellow doctor friends. These impostors exploit our public reputation, persuading people, especially fellow doctors, to offer financial assistance.

WhatsApp Frauds:

A doctor colleague of mine experienced a WhatsApp fraud incident. He received a message from a friend residing in the USA, requesting money, with the fraudster using his friend's phone number. Due to the message coming from the authorized number of his friend, some individuals transferred nearly 70,000 rupees to him. However, upon later discovery that it was a fraud, they were able to recover the amount through a police complaint.
Insurance Fruad:

Unpaid Insurance Premium Fraud:

By Now many of us maight have got phone call stating that you have not paid insurance priumn since couple years and there some x amount will porfitted if you did not repay the installument. For doctors we belive that i maight have forgotten a poicy payement and i may loose money if dont pay end send the next isntalamant to fruadlant and we loose that money

Threatening Police Call:

One of my fellow physicians received a call from a fraudster claiming they had goods with illegitimate material. Allegedly under the custody of the Mumbai Crime Branch, the material could potentially link him to a crime through his bank account transactions. The caller urged him to contact the Mumbai Police immediately to avoid complications. Later, a video call, purportedly from a Mumbai DCP, displayed an office-like environment in the background. During the call, they collected bank details and online transaction credentials, resulting in a loss of 30 lakhs for my physician friend.

Investment Fraud:

As doctors engage with the stock market, they can become targets of online investment fraud. Fraudsters create deceptive websites to convince doctors to invest. Initially, individuals might see some returns, but as they increase their investments, substantial losses occur. The mentioned case of 1.8 crores falls into this category. It underscores the importance of being vigilant when dealing with online investments, conducting thorough research, and verifying the legitimacy of investment platforms to avoid falling victim to fraudulent schemes.

Blackmail:

In contemporary times, a concerning method of blackmail involves creating videos and issuing threats to publish them online. If you find yourself ensnared in such a trap, I strongly recommend promptly reporting the incident to the police. There are documentaries available on some OTT platforms illustrating how entire families can be devastated by such malicious activities. Notably, even renowned figures like ISRO scientist Prof. Nambi fell victim to blackmail, leading to severe consequences for our nation's trajectory. While his case was not directly related to online activities, the ubiquity of online access has made fraudulent activities like these more prevalent and easier to execute. It underscores the urgency of being vigilant and taking immediate action against such threats to prevent further harm.

AI and the Future:

In the future, artificial intelligence (AI) tools have the potential to be utilized for orchestrating fraudulent activities. These advanced modules possess the capability to comprehend human behavior by analyzing extensive datasets. They can not only understand your behavior but also predict it, enabling the engineering of fraud to exploit individuals. The Hollywood movie "Eagle Eye," released in 2008 and directed by D.J. Caruso, even depicts how AI could manipulate people by exploiting their weaknesses, going to the extreme of engineering the assassination of a President by leveraging vast amounts of data. While this portrayal may seem sensationalized, it does underscore the potential risks associated with the misuse of AI technology in orchestrating fraudulent activities. As technology continues to advance, it becomes crucial to implement ethical guidelines and robust security measures to mitigate these emerging threats.

What is Social Engineering ?

1. Phishing:

Scenario: An attacker sends emails or messages posing as a reputable entity, like a bank or a popular website, asking the recipient to provide sensitive information such as passwords or credit card details.
Goal: To trick individuals into divulging confidential information.

2. Pretexting:

  Scenario: The attacker creates a fabricated scenario or pretext to obtain information. For example, pretending to be an IT support technician and asking for login credentials to "fix" a computer issue.
  Goal:To gain trust and manipulate individuals into revealing sensitive data.

3. Baiting

 Scenario: Malicious software or infected devices are left in public places. When unsuspecting individuals find and use them, their systems become compromised.
 Goal: To lure individuals into a trap by offering something enticing.

4. Quid Pro Quo:

 Scenario: The attacker offers a service or benefit in exchange for sensitive information. For instance, pretending to be an IT specialist and offering free software in exchange for login credentials.
 Goal: To create a reciprocal relationship where the target unknowingly provides valuable information.

5. Impersonation:

Scenario: The attacker pretends to be a trusted individual or authority figure, such as a co-worker, manager, or even a family member, to manipulate the target into revealing information.
Goal: To exploit trust relationships and gain access to confidential data.

6. Tailgating:

 Scenario:The attacker follows an authorized person into a restricted area without proper authentication, taking advantage of the trust given to the person they are tailgating.
  Goal: To gain physical access to secure areas without proper authorization.

7. Quizzes and Surveys:

 Scenario: Attackers create seemingly innocent quizzes or surveys, often on social media, to collect personal information about individuals.
 Goal: To gather data that can be used for various malicious purposes, such as password guessing or identity theft.

8. Tech Support Scams:

Scenario: The attacker calls or messages, claiming to be from a legitimate tech support service, warning the individual of a computer problem. They then convince the victim to grant remote access or pay for unnecessary services.
Goal: To gain access to the victim's computer or extract money under false pretenses.

Social engineering tactics often exploit human psychology, trust, and the willingness to help, making individuals unknowingly cooperate with the attacker's malicious intentions. Awareness and education are essential to recognize and defend against these manipulative techniques

Conclusion: Safeguarding the Medical Community

In conclusion, the growing threat of social engineering and online fraud targeting doctors requires proactive measures. Beyond the realm of medical expertise, doctors must equip themselves with knowledge and awareness of digital threats. Ethical guidelines and robust security measures are paramount to safeguarding the medical community against these emerging risks. By staying informed and fostering a culture of cyber resilience, doctors can protect themselves and their colleagues from falling victim to deceptive online practices.