How To Recognize and Avoid Phishing Attacks!
What is a Phishing Attack?
No, I’m not talking about rampaging schools of piranha, nor the venerable, ever touring rock band. I don’t even mean that amazing ice cream flavor that references the aforementioned rock band. A phishing attack is when a person with less than good intentions attempts to get information from you through nefarious technological schemes.
Most of us at some point have received an email from the Nigerian prince who could fully realize his kingdom if he just had a kind soul with a bank account that could help him move some money. The goal of that scam is to get unsuspecting victims to give up valuable information, like their bank account credentials. That is a phishing scam, but it’s also a less than subtle one. Most people recognize and avoid such scams readily.
How to Identify a Phishing Attack
Phishing scams can be much more subtle and convincing, however. Fortunately, there is almost always a telltale sign if you know what to look for. Take this recent email I received, for example:
At first glance it looks legit. BlueHost is a hosting company that I partner with and use for several sites, including Tame Your Practice and Describe. (Note that, if you click on the BlueHost links in this article and purchase their services, I receive affiliate compensation.) The phone numbers listed are their numbers. Note that the “From” address (firstname.lastname@example.org) looks correct. The problem is that it’s pretty easy to fake a “From” address in an email (this is called “spoofing”). If you look to the right of the “From” address you’ll see that the email was sent via a server in Russia. Now, why would BlueHost be sending me, their customer, an email through a Russian server?
Clue two is the fact that they used an incorrect name (blacked out for privacy). But I’ve seen this same email with my correct name on it, so don’t count on this always being a giveaway. It’s entirely possible the scammer will know your name.
The really big giveaway comes when I hover the mouse over the link “BlueHost” wants me to click on. The URL shown in the email looks okay, right? It’s bluehost.com and even uses HTTPS/SSL for security. However, when I hover over the link, the true destination appears in the lower left. It’s not BlueHost after all. It’s a web site in Russia. If I click on the link, chances are the web site I’ll be taken to will look much like the BlueHost site (if the scammers are any good, it may even look exactly like it). Next thing you know, I’m entering my login information, and they now have it and can access my BlueHost account. Or perhaps they’ll ask for some payment information to “confirm” my identity.
How to Avoid Becoming a Victim of Phishing Attacks
In summary, in order to avoid the slickest of phishing attacks:
- Don’t send passwords, bank account numbers, or other sensitive information in an e-mail.
- Be sure to check where links in emails actually go and that the destination matches your expectations.
- Be wary of any unexpected e-mail attachments or links, even from people you know.
- Use an up-to-date anti-virus program that can scan e-mail.
My most heartfelt thanks to all who pledged to and/or spread the word about Describe. We reached our funding goal on Kickstarter and Describe is now available for sale!
Wishing you all safe Internet travels!
If you need help understanding or implementing technology, or general help with your private practice, contact us for help!
About the Author
Rob has been covering technology and business news for mental health professionals since 2011. His extensive experience in IT, business, and private practice allows him to synthesize information in a friendly, digestible manner. He also enjoys time with his family, ultimate frisbee, and board gaming.