Due to a global Microsoft outage, we are experiencing technical difficulties that may make it hard to reach us.

Practice duped into paying doctor’s salary to scammer

Avant media

Monday, 26 February 2024

Practice duped into paying doctor’s salary to scammer

Avant is warning practices to be vigilant for cyber scams after a recent spate involving phishing emails.

In one case, a practice was tricked into paying a doctor’s salary into a cyber criminal’s bank account after they emailed the practice claiming to be a doctor who worked at the practice. The email appeared to come from the doctor’s primary email address and stated the doctor had closed her bank account and provided her new account details for future payments.

Thinking the request was legitimate, the practice manager dutifully updated the doctor’s bank account details, allowing the doctor’s Medicare payments to be paid into the criminal’s bank account.

The scam was only picked up weeks later when the doctor realised she had not been paid and raised a query with the practice. Unfortunately, the money was unable to be recovered. Typically, cyber insurance does not cover practices for any money lost associated with a cyber scam.

In other cases, practices have reported receiving phishing emails from scammers in an attempt to steal personal information. The emails typically inform the practice that a payment has been made, for example, by an insurer for workers’ compensation.

The email commonly mimics one of the practice’s usual trusted creditors and entices the recipient to click on a link or open attached remittance advice that contains malware. These emails are usually opened by practice staff in between doing other jobs and often are not picked up as a cyber-attack at the time.

Spotting cyber scams

To protect your practice against cyber scams, Avant’s Information Security team has put together these top tips:

Verify email addresses

Always double-check the sender's email address for any inconsistencies before actioning any requests. Phishing emails may use similar-looking addresses to impersonate doctors or practice staff, but careful scrutiny can reveal discrepancies.

In particular, be sure to check for incorrect spelling and different email domains than normal. For example, yourpractice.co versus yourpractice.com.au

Think before clicking on links

Scammers will often embed links in emails which may go to malicious sites or download malicious software. If you are suspicious about a link it’s a good idea to hover over the link to see the actual address it will take you to.

To visit a website (such as your bank) it's safest to manually type the official web address into your browser. You could also use a search engine to find the official website and log in that way.

Exercise caution with urgent requests

Be wary of any emails that convey a sense of urgency, especially if they request sensitive information or immediate action.

Criminals often use urgency to create panic and press staff into revealing confidential details or taking immediate action.

If you are unsure someone is who they say they are, call the person back on a trusted number, for example, from their website to check their identity. Verify they sent the email and crucially, double check any bank account details via phone before changing them.

Use multi-factor authentication

The primary purpose of multi-factor authentication is to enhance security and mitigate the risks associated with password-authentication alone. Even if hackers manage to obtain your passwords, they will need another factor to gain access.

Multi-factor authentication is a powerful security measure that provides an additional layer of protection for online accounts, reduces the risk of password-related breaches, and enhances overall security and privacy for users. Where possible, practices should use an authenticator app (for example, Google Authenticator or Microsoft Authenticator) or a one-time code sent via SMS or email.

Consider geo-blocking functionality

Commonly referred to as geo-blocking, some modern applications will allow practices to enable login restrictions based on geographical locations. Enabling geo-blocking functionality will prevent hackers from logging into applications from locations that practices haven’t permitted. For example, a practice may choose to restrict access to only allow logins from within Australia. This impedes hackers by adding an additional step to access your applications.

Useful resources

Safeguard your practice from cyber scams and review your security measures with our cyber security checklist.

Protect your practice

While loss of money due to cyber scams is generally not covered under either policy, it’s important to have Avant Practice Medical Indemnity Insurance for protection against allegations and complaints, privacy breaches, employee disputes and more.* Complimentary Cyber Insurance+ also provides extra protection for eligible practices that purchase a practice policy. It covers cyber extortion, non-physical business interruption and damage to digital assets.


*Please refer to the Avant Practice Medical Indemnity policy wording for terms, conditions and exclusions.+Please refer to the Cyber policy wording for terms, conditions and exclusions.  

Avant Practice Medical Indemnity Insurance (APMII) is issued by Avant Insurance Limited ABN 82 003 707 471, AFSL 238 765. View policy wording at avant.org.au or by calling 1800 128 268. Staff will not be covered when acting in their capacity as a medical practitioner. Practices need to consider other insurance, including directors’ & officers’ liability, public & products liability, property & business interruption insurance, and workers compensation. Avant Cyber Insurance cover is available to eligible APMII policy holders up to their policy’s cessation, under a Group Policy between Liberty Mutual Insurance Company ABN 61 086 083 605 (Liberty) and Avant.

IMPORTANT: This publication is not comprehensive and does not constitute legal or medical advice. You should seek legal or other professional advice before relying on any content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgement or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is only current at the date initially published.

To Top