The Federal Trade Commission (FTC) defines phishing as “an unexpected email or text message that looks like it’s from a company you know or trust, like a bank or a credit card or utility company.” The sender may tell you “they’ve noticed some suspicious activity or log-in attempts … claim there’s a problem with your account or your payment information …. include an invoice you don’t recognize,” or “want you to click on a link to make a payment.” None of these things are true, and all are designed to trick you “into clicking on a link or opening an attachment” that will enable the scammer to gain access to your practice’s records or sensitive information such as account numbers or passwords.
Even though the email appears to be from a financial institution, vendor, or other company you do business with, and may even use that entity’s logo or other identifying information, you will be able to distinguish the scammer from a legitimate source because:
The bottom line: If you do suspect you have received a phishing email, do no open it and report it immediately to your practice’s head of cybersecurity.
Source: consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams.
