Yesterday, I got a text message about an upcoming doctor appointment. Okay, no problem, I suppose — except that it came from a short code that I didn’t recognize. In addition, it asked me to follow a link obscured by a URL shortener that no doubt led to a page that started asking for private, personal information. It did not actually give me any useful information, such as the location, date, and time of the appointment. In case anybody still needs to hear this…

DO NOT FOLLOW RANDOM LINKS IN EMAILS OR TEXT MESSAGES THAT COME FROM PLACES YOU DON’T RECOGNIZE

As a security researcher, it infuriated me that a doctor’s office might be encouraging such horrific practices, particularly as they’re dealing with a population that is already quite vulnerable. It was followed a few hours later by another text message. This second text did include the appointment date and time, but two unsolicited text messages in a short time is unacceptable. They also sent an email, again with bogus return address information and an exhortation to follow an obscured link. Then an automated telephone call, again from an unidentified number.

While this was going on, the creator of the B-Sides security conferences and all-around great guy Jack Daniel echoed my feelings perfectly on Mastodon:

[Image: Mastodon post from Jack Daniel telling off medical practices that use text messages from random addresses to ask patients to enter personal information on random web sites]

—2p

ADDENDUM 20240621@14:55

If you’re about to message me telling me how difficult it is for practices to get people to keep appointments, know that I ran my own medical practice for over twenty years and somehow managed to turn a profit without resorting to automated harassment of my patients.
