Cybercriminals are Targeting Plastic Surgery Offices and Patients

pAlert Number I101723PSAppThe FBI is warning the public about cybercriminals who target plastic surgery offices surgeons thereof and patients to harvest personally identifiable information and sensitive medical records to include sensitive photographs in some instances Once successful cybercriminals use social engineering techniques to enhance the harvested data and extort individuals for cryptocurrencyppUsing technology to disguise their phone numbers and email addresses spoof cybercriminals use phishing to deploy malware to plastic surgery offices Once successful cybercriminals harvest electronically protected health information ePHI which includes sensitive information and photographsppCybercriminals use opensource information to include social media and social engineering techniques to enhance the harvested ePHI data of plastic surgery patients Cybercriminals use the enhanced data as leverage for extortion in Phase 3 and may use it for other fraud schemesppCybercriminals contact plastic surgeons and their patients via social media accounts emails text messages or messaging apps and ask for payment to prevent sharing of their ePHI To exert pressure on victims for extortion payments cybercriminals share the sensitive ePHI to victims friends family or colleagues and create publicfacing websites with the data Cybercriminals tell victims they will remove and stop sharing their ePHI only if an extortion payment is madeppThe FBI requests victims report these fraudulent or suspicious activities to the FBI IC3 at wwwic3gov Be sure to include as much information as possibleppFor additional information on how to report cryptocurrency addresses connected to fraud please see previous Public Service Announcement published on the FBI IC3 website
IC3 FBI Guidance for Cryptocurrency Scam Victimp