How To: Detect and Report Phishing Scams

At TherapyNotes, we work hard to keep your records safe and secure. Technical security measures and company-wide security procedures ensure that the data in your TherapyNotes account is protected from natural disasters, trained hackers, malware, and other sophisticated security threats that could directly attack our system.

Despite the publicized nature of widespread hacking attempts, your own communication with others is the most present threat to the security of your data. Social engineering refers to attempts to trick you into revealing sensitive information or subverting your basic security procedures. Commonly, social engineering takes the form of phishing in which a criminal impersonates a legitimate business and contacts you in an attempt to uncover your username and password, credit card number, or other sensitive information.

Remember: Your TherapyNotes username and password are essential to the security of your data. Never share this information with anyone, even TherapyNotes staff. TherapyNotes will never request your username and password, credit card information, or sensitive client data via email or phone. 

To determine if communication from TherapyNotes is authentic:

  • Confirm that the email is expected. There are a few types of email messages that you may receive from TherapyNotes:
    • Marketing, including newsletters, company announcements, special promotions, and blog notifications if you are subscribed to our blog
    • Sales, including follow-up emails for conferences, demo and webinar invitations, and emails to connect with prospective customers
    • Support, including replies to support inquiries, follow-up emails to support calls, and helpful emails during your TherapyNotes trial
  • Confirm that the email does not ask you to send any sensitive information, such as your username or password, credit card number, or protected health information (PHI)
Quick Tip: As your business associate, we will never disclose PHI or ask for PHI outside of support-driven interactions. If client-related information is necessary to address a support question, our support team will typically request the initials of the client and a relevant date of service for reference. Rarely, our team may request the full names of clients in order to verify your identity and prevent unauthorized access to your account. However, we will never make unsolicited requests for PHI.
  • If an email asks you to sign in or verify your account information, hover your mouse over the links and images in an email. Each link should begin with or, without typos. Any variation of these URLs is not a genuine TherapyNotes website
  • If you click on a link in an email, check for https:// in the URL and a lock icon in the address bar. This confirms that the website is secure


If you suspect that someone is posing as TherapyNotes to gain access to your account, do not respond to the email and report the incident to

If you fall victim to social engineering or a phishing scheme:

To learn more about phishing, read How to Protect Your Electronic Records Against Phishingon our blog.

Still need help? Contact Us Contact Us