For years — years — I have been asking my colleagues and their practice managers to stop letting their practice management providers send boilerplate text messages and emails inviting patients to give out their personal information to unidentified web sites to “check in” or “activate the patient portal.”
“Why?” they always ask. I explain that they’re training their patients to be scam victims. Patients should feel confident that their doctor office would never think so poorly of them as to ask them to give out their personal information in that way.
All I get in response is blank stares.
Yesterday, I got the email above. It turns out, it’s totally bogus. It’s a phishing email designed to get me to divulge sensitive information or to install malware on my computer or phone. But, guess what, it looks exactly like the legitimate emails I get all the time from my actual providers, right down to having my name correct and using my email address as my user name. As it turns out, I was actually expecting a new patient packet from a new doctor office, and if I hadn’t been averse to these things I could well have followed that link.
—2p