Spear-phishing Scam uses WMC to Target Practitioners
A fraud ring is using technology to imitate the WMC phone number, email and web URL to target practitioners. These people are researching specific practitioners and attempting to exploit them with publicly accessible information such as medical license number, practice name or specialty, social media posts and opinions, news articles and more.
These people may contact you or leave messages, they may appear to originate from inside the WMC as someone with authority to request confidential information or seem to know personal information. This technique is called spear-phishing and it’s on the rise by groups located outside of the U.S.
Recent near-victims of this spear-phishing scam were:
- Called by someone claiming to be a WMC investigator that was looking into their “over-prescribing of opioids”. Scammers will use hot topics like this to scare you!
- Told not to check our website because that would mean they are guilty. Scammers will try to keep you from contacting real agencies or help such as your attorney.
If they are successful, they will move forward with requests for money or information to help them carry out additional scams.
How can I tell what isn’t a legitimate communication by the WMC?
- The WMC will not ask you for money;
- The WMC will not ask you to respond to any action in less than 20 days;
- The WMC will not advise against speaking with your own lawyer;
- The WMC will not ask you to confirm personal details, passwords, or social security numbers;
- The WMC will contact you in writing. A medical license holder receives several written communications from the WMC, which include legal documents;
- The WMC will not take action on your license without significant communication between you and our investigators and attorneys.
How can I protect myself from these attacks?
- Never click on links or download suspicious attachments. If you think the link is legitimate, go to a browser and type the URL instead of pasting it. For example, type in wmc.wa.gov instead of clicking.
- Don't fall prey to a manufactured urgency. A vital component of this fraud is the urgency of request or demand. Most attackers will manufacture an urgency to make you worry about an impending threat or deadline. If you are contacted by the WMC you will have a legally protected amount of time to respond.
- Verify requests before you act. If you think something is amiss - verify it. If someone tells you to stop practicing medicine, says you are in danger of discipline or asks for personal information, hang up immediately and call us at 360-236-2750. Even when you think the request is genuine, verify before taking any action or providing any information.
- Restrict your personal information online. Spear-phishers often leverage personal information from social media accounts or other public forums. This includes opinions about the medical profession, the location of your job, your professional title, what bank you use, etc. The amount of relevant information that individuals can collect from online sources for these fraudulent purposes can create enough doubt that the targets of these scams will cooperate with the fraudulent requests.
Please help spread the word about this scam by sharing this information with your friends, family and colleagues.
The WMC promotes patient safety and enhances the integrity of the medical profession through licensing, rule-making, discipline, and education. Learn more about the commission at WMC.wa.gov. Follow the WMC on Facebook and Twitter.