Today’s cybersecurity tools can help stop cybercriminals; however, many spammers find creative ways to get around safeguards. Spammers add another layer of risk to healthcare organizations, so it’s important that all employees know how to spot these cybersecurity threats. Here are some of the most common tricks spammers may use to access and compromise systems. 

Common Tricks Spammers Use to Compromise Systems


Phishing

Phishing is a classic tactic that spammers use to access systems and obtain sensitive information. The 2021 Healthcare Information and Management Systems Society survey reports that over two-thirds of healthcare organizations had a “significant” incident in the previous year.

Most of the attacks cited in the survey were phishing or ransomware attacks. During a phishing attack, a cybercriminal will send an email from a seemingly legitimate source, such as a financial institution or government agency. The email will prompt you to send personal information or log in to a website using your private credentials. Once you provide this information, the sender can obtain various types of sensitive data. 

Hidden Characters

Email spam filters may be sophisticated, but cybercriminals continue developing techniques to land in your inbox. One of these techniques is including hidden characters in the message. For example, if your spam email filter pulls emails with the word “loan,” an email with the word “l0@n” might make it through.

Humans can read the word, but a filter that matches exact keywords often can’t. IT teams should try to spot common hidden characters and include these terms in the organization’s spam filter. Employees should also know to report spam emails with these terms. 
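Rather than listing every variant of a term, a filter can fold look-alike and invisible characters back to plain letters before matching. The sketch below is an added example, not code from the original article; the substitution table, the blocked-term list and the function names are assumptions to adapt to the mail your organization actually receives.

```python
import re
import unicodedata

# Constructed look-alike table (an assumption, not a complete list).
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
    "\u043e": "o", "\u0430": "a", "\u0435": "e",  # Cyrillic o, a, ie
})

BLOCKED_TERMS = {"loan"}  # the keyword used in the article's example


def normalize(text: str) -> str:
    """Fold obfuscated text to plain lowercase ASCII-like letters."""
    # NFKC turns fullwidth and other compatibility letters into plain ones.
    text = unicodedata.normalize("NFKC", text)
    # Category Cf covers invisible characters such as zero-width spaces
    # and soft hyphens that split a keyword without changing how it looks.
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return text.casefold().translate(LOOKALIKES)


def scan(message: str) -> dict[str, str]:
    """Map each blocked term found to 'plain' or 'obfuscated'.

    'obfuscated' means the term only appears after normalization,
    which is itself a strong sign the sender is evading a filter.
    """
    plain = set(re.findall(r"[a-z]+", message.casefold()))
    folded = set(re.findall(r"[a-z]+", normalize(message)))
    return {term: ("plain" if term in plain else "obfuscated")
            for term in BLOCKED_TERMS & folded}


if __name__ == "__main__":
    # Constructed sample subject lines.
    for subject in ["Get a l0@n today", "Your lo\u200ban is approved",
                    "Meeting at 10am in room 4"]:
        print(repr(subject), scan(subject))
```

Terms reported as obfuscated are worth scoring higher than plain matches, since legitimate senders have no reason to disguise the word.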

Website Scams

Fake websites can be tricky to spot, and spammers often bait victims with this technique. For example, the website might require a membership to log in or advertise a sale on a specific product. If a user falls for this scam, the cybercriminal can gain access to financial information.

These websites may also contain malicious code that compromises the user’s system. Additionally, cybercriminals may bait users with website scams, emails, popups, social media comments, online forums, and more. An organization’s employees should be trained to spot fake websites and online offers. 

Social Engineering

Social engineering is a broad term that encompasses several types of sophisticated attacks. Cybercriminals will try to build trust with the victim during a typical social engineering attack. A popular method is impersonation, which means a human is on the other end rather than an email spam bot.

Within organizations, malicious actors might impersonate an executive to gain credentials and financial information from an employee. They may also trick a user into accidentally installing malware on a system by disguising it as another type of program.

Social engineering techniques can be challenging to identify, so organizations may need to invest more time into training. Having a reporting system for suspected social engineering attacks is also important. 

Fake Charities

Spammers may disguise themselves as a charity through email spam or a fake website. This scam is also common on social media. The victims of these scams will unknowingly send money directly to the spammer or provide their credit card information. Additionally, if the malicious actor sends a donation link through a phishing email, the victim may also open a spam website and compromise the network. 

Hacking Scams

During this type of attack, a web user will receive a popup warning that their system has been compromised. The popup usually prompts them to install antivirus software. Unfortunately, some users impulsively click on this popup, which can trigger an actual system breach. Healthcare organizations should train employees to spot these scams to avoid unknowingly compromising their system. Popup blockers and other web security features can also be helpful. 

Service Scams

Another type of email scam can have dangerous consequences. In this spam technique, a spammer will offer a type of service – often connected to the end user’s industry. For example, within the healthcare sector, employees might receive emails offering online training, website services, or resume help. Unfortunately, any links in the email likely lead to a fraudulent source or require the user to enter personal information. 

Social Media 

Social media spam is quite common and easy to disguise. Cybercriminals will use social media to spam users with fake notifications or followers. They may also send messages that include phishing links or ask for sensitive information. Within your organization, it’s important that employees know how to spot these types of scams and are especially careful when using their devices on the company’s network. Restrictions on social media use while on the company’s network or devices can also be helpful. 

Comment Spam

If your organization hosts a blog on your website, you might be susceptible to spam comments. Spam comments can include fraudulent links disguised as financial offers, product deals, or other blogs.

Just as you have filters to stop spam emails, your organization should also maintain spam comment filters. Security features like CAPTCHA can also help filter out comment bots. In addition, ensure the employees who run your blog consistently check the comment queue and report all spam. 

Spam can take many forms, so staying on top of all potential attacks can be tricky. However, letting spam slip through the cracks can damage your organization’s network security. Employee training is one of the best resources for keeping spam in check, as spotting spam is the first step in prevention. In addition, be sure to have tight restrictions on website access across the network. Finally, updating filters and maintaining knowledge of the latest spam techniques are also essential.  
