How To: Detect and Report Phishing Scams
At TherapyNotes, we work hard to keep your records safe and secure. Technical security measures and company-wide security procedures ensure that the data in your TherapyNotes account is protected from natural disasters, trained hackers, malware, and other sophisticated security threats that could directly attack our system.
Despite the publicized nature of widespread hacking attempts, your own communication with others is the most present threat to the security of your data. Social engineering refers to attempts to trick you into revealing sensitive information or subverting your basic security procedures. Commonly, social engineering takes the form of phishing in which a criminal impersonates a legitimate business and contacts you in an attempt to uncover your username and password, credit card number, or other sensitive information.
Remember: Your TherapyNotes username and password are essential to the security of your data. Never share this information with anyone, even TherapyNotes staff. TherapyNotes will never request your username and password, credit card information, or sensitive client data via email or phone.
To determine if communication from TherapyNotes is authentic:
- Confirm that the email is expected. There are a few types of email messages that you may receive from TherapyNotes:
- Marketing, including newsletters, company announcements, special promotions, and blog notifications if you are subscribed to our blog
- Sales, including follow-up emails for conferences, demo and webinar invitations, and emails to connect with prospective customers
- Support, including replies to support inquiries, follow-up emails to support calls, and helpful emails during your TherapyNotes trial
- Confirm that the email does not ask you to send any sensitive information, such as your username or password, credit card number, or protected health information (PHI)
- If an email asks you to sign in or verify your account information, hover your mouse over the links and images in an email. Each link should begin with https://www.therapynotes.com/ or https://blog.therapynotes.com/, without typos. Any variation of these URLs is not a genuine TherapyNotes website
- If you click on a link in an email, check for https:// in the URL and a lock icon in the address bar. This confirms that the website is secure
If you suspect that someone is posing as TherapyNotes to gain access to your account, do not respond to the email and report the incident to email@example.com.
If you fall victim to social engineering or a phishing scheme:
- Change your TherapyNotes password immediately
- Contact firstname.lastname@example.org to let us know that your account has been compromised
- File a complaint with the Federal Trade Commission (FTC) at www.ftc.gov/complaint
- Visit www.identitytheft.gov to minimize your risk of identity theft
- Issue a notification of breach in accordance with the HIPAA Breach Notification Rule
To learn more about phishing, read How to Protect Your Electronic Records Against Phishingon our blog.