ConductScience in Health Innovation

Digital Anatomy of a Top Doctor Fraud

Northwestern Feinberg School o...

Helena Halasz

Massachusetts General Hospital...

23 January 2024

20 December 2024

Abstract

Scams targeting physicians are on the rise, taking advantage of physicians’ busy schedules and potential unfamiliarity with digital communications. We present a case report of a “Top Doctor” scam received by an academic cardiologist via email. We anatomize the scam email and website from a digital perspective, highlighting URL structure, subdomain usage, 301 redirects, ICANN lookup, secure payment gateways, backlinks, and other technical components. Knowledge of these digital tools can help physicians avoid falling victim to scams and identify fraudulent communications. As digital communication increases, physicians must increase their digital literacy.

Introduction

Digital communication has largely replaced paper-based communication, with profound impacts across industries and professions. Medicine is no exception, as patient-physician communication increasingly utilizes portals, telehealth, email, and text messaging. While digital health technologies offer great promise in improving healthcare delivery and outcomes, they also introduce new challenges and risks. One such risk is that of online scams and fraud targeting physicians.

Scams involving solicitations for inclusion in fraudulent directories or to purchase counterfeit awards or plaques are a well-known problem. Historically these scams were sent via postal mail, but they now more commonly arrive via email, capitalizing on the prevalence of digital communication. These fraudulent offers are designed to appear reputable and appeal to physicians’ sense of pride by offering a “Top Doctor” award or profile listing. In reality, there is no rigorous selection process, and the solicitations are simply a scheme for the sender to collect fees.

The transition of these scams to digital platforms provides an opportunity to examine their anatomy from a technical perspective. Doing so sheds light on how the scams leverage different aspects of internet technology and digital communication to appear credible. Our goal is to empower physicians to understand these technical components so they can identify fraudulent offers before being duped.

Case Presentation

A 58-year-old male ICU physician at an academic medical center received an unsolicited email congratulating him on being selected as a “Top Doctor” in cardiology for his metropolitan area. The email explained he would be featured on a website: www.FirstnameLastname.TopDoctors.com. It provided a personalized link to visit the website and order a plaque to commemorate this “honor.”

The physician was skeptical but curious, so he examined the email contents and link. The email originated from an address ending in @usatopdocs.com. He hovered over the link, revealing it redirected through a series of intermediary websites before landing at the page to order a plaque.

We obtained permission from the cardiologist to analyze this scam attempt. We will now examine the anatomy of this scam from a digital perspective.

URLs, Domains and Subdomains

The link in the email used a carefully crafted URL intended to add credibility. The domain name “TopDoctors” conveys authority, while inserting the recipient’s first and last name aims to personalize it. However, examining the structure reveals “FirstnameLastname” is actually a subdomain of the primary domain TopDoctors.com (Fig. 1).

Fig. 1 Body of Online Link

The owner of the overall domain has configured subdomains to auto-populate based on the recipients’ names from an email list. This technique allows mass personalization of scam emails at scale. The TopDoctors.com domain was registered just 2 months prior through a domain registrar in China.
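The subdomain check described above can be automated. The following is an added example, not part of the original case report: it splits a link's host into subdomain and registrable domain and reports whether the recipient's name appears only as a subdomain label. The function names, the recipient name "Jane Doe" and the short `SAMPLE_SUFFIXES` set (a stand-in for the full Public Suffix List) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List; a real check should load the full list.
SAMPLE_SUFFIXES = {"com", "org", "net", "co.uk"}

def split_host(url):
    """Return (subdomain, registrable_domain) for the host named in a URL."""
    if "://" not in url:
        url = "//" + url                 # let urlsplit parse a bare "www.x.com/..." as a host
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Scan left to right so the longest known suffix matches first, then keep
    # exactly one label to its left: that label plus the suffix is what was registered.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SAMPLE_SUFFIXES:
            if i == 0:
                break                    # the host is itself a bare suffix
            return ".".join(labels[:i - 1]), ".".join(labels[i - 1:])
    return "", host                      # unknown suffix: report the host unsplit

def name_in_subdomain(url, first, last):
    """Flag links where the recipient's name is a subdomain label of someone else's domain."""
    sub, domain = split_host(url)
    squash = lambda s: re.sub(r"[^a-z]", "", s.lower())
    wanted = {squash(first + last), squash(last + first)}
    labels = [squash(label) for label in sub.split(".")]
    personalized = any(label and label in wanted for label in labels)
    return {"registrable_domain": domain, "subdomain": sub, "personalized": personalized}

if __name__ == "__main__":
    # Same shape as the link in the case report, with a constructed recipient name.
    print(name_in_subdomain("www.JaneDoe.TopDoctors.com", "Jane", "Doe"))
    # Constructed contrast: the name appears in the path of an institution's own domain.
    print(name_in_subdomain("https://hospital.example.org/staff/jane-doe", "Jane", "Doe"))
```
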

301 Redirects

A 301 redirect is an HTTP response (status code 301, “Moved Permanently”) that tells the browser a page has permanently moved and that it should load the new address instead. Redirects are common across the Internet; for example, when a company rebrands, it may use a 301 permanent redirect to send users from the original website to the new, rebranded one.

In this case study, the personalized URL in the email employs a 301 redirect, so that the link bounces through a series of intermediary websites before landing on the order page, which then prompts payment.

When a 301 redirect is utilized by scam artists, it can serve many purposes: it transports the user from a legitimate-appearing website to the fraudulent end-goal, where credit card information is obtained (“phishing”) (Fig. 2); it helps sites avoid detection by anti-spam security measures; it increases credibility by tricking search engines into ranking them higher (SEO). Other websites can also backlink directly to the scam website, thus increasing not only the traffic but the alleged legitimacy (Fig. 2).

Fig. 2 301 Redirection Flow Chart
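A redirect chain like the one described in this section can be listed hop by hop without loading any page in a browser. The following is an added example, not part of the original case report: it issues one request per hop, never follows redirects automatically, and records every URL and status until the landing page. The function names and the `.example` hosts in the constructed `SAMPLE` table are assumptions; the table replaces the network so the block runs offline.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def http_fetch(url, timeout=5):
    """Send one HEAD request without following it; return (status, Location)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, fetch=http_fetch, max_hops=10):
    """Follow redirects one hop at a time, recording (url, status) per hop."""
    hops, seen = [], set()
    while len(hops) < max_hops:
        if url in seen:                      # redirect loop: stop and say so
            hops.append((url, "loop"))
            break
        seen.add(url)
        status, location = fetch(url)
        hops.append((url, status))
        if status not in REDIRECT_CODES or not location:
            break                            # final landing page (or an error)
        url = urljoin(url, location)         # Location may be relative
    return hops

def hosts_crossed(hops):
    """Hostnames visited, in order of first appearance."""
    return list(dict.fromkeys(urlsplit(url).hostname for url, _ in hops))

# Constructed responses standing in for the network (hypothetical .example hosts).
SAMPLE = {
    "http://janedoe.directory.example/": (301, "http://click.mailer.example/c?id=1"),
    "http://click.mailer.example/c?id=1": (301, "/go"),
    "http://click.mailer.example/go": (301, "https://pay.plaques.example/order"),
    "https://pay.plaques.example/order": (200, None),
}

if __name__ == "__main__":
    for hop in trace_redirects("http://janedoe.directory.example/", fetch=lambda u: SAMPLE[u]):
        print(hop)
```

The number of distinct hosts returned by `hosts_crossed` shows how far the landing page is from the domain named in the email.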

ICANN Lookup

Performing an ICANN domain lookup on TopDoctors.com revealed the domain was registered to an individual in Jakarta, Indonesia only 60 days prior to sending. ICANN (Internet Corporation for Assigned Names and Numbers) coordinates the Domain Name System and maintains a public database of registrants.

This allowed us to uncover the recent and foreign origin of the domain, which is inconsistent with a well-established domestic medical organization. Such a mismatch is a warning sign of a scam attempt.

Secure Payment Gateway

The order page itself represents another component of digital subterfuge. It is hosted on a generic template and designed to mimic a secure payment gateway. It displays trust badges like Norton and McAfee and uses stock images of a stethoscope and caduceus for branding (Fig. 3).

Fig. 3 Top Doctor Physical and Online Advertisement

In reality, it is a guise for collecting credit card details, which can be forwarded directly to the scammers.

Google indexes webpages and the links between them; inbound links to a site are known as backlinks. We retrieved this domain’s backlink profile from Google and Ahrefs SEO tools. This revealed two clusters of backlinks: one from domains related to plaque production and sales, and another from a network of thousands of domains registered to proxy services.

This corroborates that the order page is intentionally designed to appear as a legitimate plaque producer via linking strategies, while obscuring true ownership through proxy domain registration.

Discussion

This case illustrates how a scam attempt leveraged multiple aspects of digital communications technology to bolster credibility: personalized subdomains, 301 redirects, bogus payment pages with trust seals, backlinks, and proxy domain registration. Developing skills to decode these technical components of websites and emails can aid physicians in identifying fraudulent offers.

First, scrutinizing the URL structure and domain registry details can reveal mass-generated personalization and dubious or hidden owners. It is important to be mindful of 301 redirects and not to assume that intermediate hops indicate legitimacy. Performing ICANN and backlink analysis provides additional technical context. Recognizing sham payment pages with stock icons and seals is a skill that takes some experience to hone.

Of course, time pressures and digital illiteracy may preclude physicians from investigating emails and links so thoroughly. While tools like domain blacklists or email security software may flag known scams, new schemes can sneak past such defenses. Ultimately, awareness through education is key so physicians can spot red flags and, if uncertain, simply ignore or independently research dubious offers.

Scams will continue evolving as digital engagement grows. Medical professionals must likewise evolve their digital literacy and exercise heightened skepticism for unsolicited contact. Technical savvy will become increasingly important to avoid falling victim to scams amidst the digital transformation of healthcare.

This case adds to the limited but growing literature examining digital scams targeting physicians. Further research should aim to quantify the incidence of these scams and their financial impact on the healthcare field. Studies might also evaluate the effectiveness of different educational approaches for improving physicians' capabilities in identifying and responding to fraudulent solicitations.

In conclusion, we present an in-depth analysis of the digital anatomy of a Top Doctor scam. We hope elucidating the technical inner workings can help physicians detect and avoid such predatory solicitations. Just as mastering anatomy is key for physicians, mastering digital anatomy may prove key to navigating risks in the digital age.

© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
