Transcript
Evan Dumas
You’re listening to Group Practice Tech, a podcast by Person Centered Tech, where we help mental health group practice owners ethically and effectively leverage tech to improve their practices. I’m your co-host, Evan Dumas.
Liath Dalton
And I’m Liath Dalton, and we are Person Centered Tech.
Liath Dalton
This episode is brought to you by Therapy Notes. Therapy Notes is a robust online practice management and electronic health record system to support you in growing your thriving practice. Therapy Notes is a complete practice management system with all the functionality you need to manage client records, meet with clients remotely, create rich documentation, schedule appointments and bill insurance all right at your fingertips. To get two free months of Therapy Notes as a new Therapy Notes user go to therapynotes.com and use promo code PCT.
Evan Dumas
Hello and welcome to Episode 604: Don’t Get Phished.
Liath Dalton
Now, we, of course, are talking about phishing with a ph, as in the scams that occur where folks who don’t have good intentions are trying to get your information through having you click a link, answer questions, provide information or by clicking the link, download something dodgy. So we don’t want that kind of phishing to occur.
Liath Dalton
And we are seeing an uptick in phishing texts and emails being received by folks, and therefore getting an influx of questions around them, like, how to spot it, what, what to do when you do receive something that is a phishing attempt and so on.
Liath Dalton
So we thought it would be a good topic to address for all of you. This happens to be one area that Evan is particularly fluent and adept at addressing. So Evan, take it away.
Evan Dumas
Yeah. So this is a really common source of breach, and it really preys on our empathy, or curiosity, or sense of urgency, all the things us counselors, counselor adjacent folks are really primed to respond to. Like they do really good psychology. You could probably even, there’s probably even some books on it.
Evan Dumas
But anywho, I’m going to talk a little bit about the scams you get via text messages. And so unfortunately, this is so common these days, you’ve probably got these.
Evan Dumas
Now, sometimes your phone carrier will say, Hey, this is potentially a scam. And that’s great, so you can skip it, you can not answer the phone, you can do things like that. But sometimes this will get around your messages, and it’ll just come in from a random number and it’ll say something like, Oh, you’ve been signed up for this, press stop to stop getting these messages. Or you’ll say, Oh, here’s a job, or a car insurance. I don’t even have a car, and I get spam text messages for car insurance plans. And it’s,
Liath Dalton
What about your home warranty, Evan?
Evan Dumas
Oh, and then warranty too! Yes, yeah, yeah, totally! Yeah, yeah, that’s classic.
Evan Dumas
So here’s what not to do. If you get a message from saying some company saying thanks for opting in, you’re getting messages from us press stop to stop getting these messages. Don’t reply and press stop. Because they’re wanting you to engage, which will just tell them, hey, there’s someone at the other end of this number. Let’s send them more messages. Because they’re not legally required to stop sending you messages. What you want to do is on, whatever your phone type is, there’s usually a way to delete it, but also to report it as spam, report it as junk.
Evan Dumas
And you know, who knows if that actually does anything, but hopefully that goes back up to your phone carrier and says this number has been flagged as spam. Please block this in the future, something like that. But whatever you do, don’t click links that you get in those messages. Maybe Google it instead. Saying, Hmm, is this number legitimate? Hmm, is this company legitimate? And if so, then, yeah, maybe reach out after that. But in general, no, most of these are almost all spams.
Liath Dalton
Exactly, and one additional source of this, actually two, that we’ve been seeing. One has been around for a long time, and includes the like, tracking info for a delivery.
Evan Dumas
Oh, yeah, classic, yeah. Who doesn’t want a package?
Liath Dalton
Yeah. Like my, my package was delayed or there was a problem with delivery, and I need to provide additional information, address confirmation in order to get it. Ooh, I’d better do that.
Evan Dumas
Yes.
Liath Dalton
Right? The other one we’ve been seeing more, and in fact, my, I have a family member who got one of these recently and was distressed, was something purporting to be a medical provider.
Evan Dumas
Oh.
Liath Dalton
And wanting confirmation, or like name and date of birth confirmation for an appointment.
Evan Dumas
Oh, wow.
Liath Dalton
Confirmation. And this family member is in the lead up to getting a knee surgery. So they’re like, oh, is this legitimate? But then they thought, I have never gotten, in the text messages I have opted into from my medical provider, anything asking for me to confirm the name or date of birth.
Evan Dumas
Yeah.
Liath Dalton
And so what this family member did was then reach out to the actual medical provider and say, was this a text that you sent or not? Like, no, we did not. We are so glad that you didn’t provide that information, in response to that spam text, and we will never ask for those pieces of information via text, ever, ever.
Liath Dalton
So the like, saying it’s a medical bill or for medical appointment confirmation as well is something that you always want to verify is coming from a legitimate source. And you know, usually you should have, if you have any doubt about it, then you want to go through an established channel that you’ve already verified is authentic and secure. Don’t just respond because the name seems to be the same thing, right?
Evan Dumas
Mhm, yeah. I’ve seen some too, that seem to send you to like DocuSign or other e-signature links saying, hey, here’s a formal document, we need you to sign this. And it’ll have vague language, like something maybe tax related or employment related, and it looks just curious enough to be like, wait, do I have an outstanding invoice? I don’t, I don’t run a business. But should that be the case, it would kind of make sense to be like, oh, I’m curious, this looks official. Don’t click it. It isn’t real. If anything, someone’s other email address probably got hacked, and then they’re being used to send as like spam messages. But that’s, you get that more via email. But the text message ones will be fast and furious and annoying and just do not engage with them.
Liath Dalton
Right.
Liath Dalton
So in my own experience, one of the benefits of the process of deleting and marking as spam or reporting as junk, is that, then, in terms of what I receive, I don’t receive messages from that same number again.
Evan Dumas
Nice.
Liath Dalton
Which, which is great, because we want to just limit the intrusiveness of these phishing scams as much as possible. So my process is, if I get something that looks like that, I don’t open it. I just delete the text and mark it spam.
Evan Dumas
Yeah. Great, great, great move.
Liath Dalton
So one last note, which is that how to identify phishing scams or social engineering, where folks are trying to generate real urgency, is a threat that comes up pretty frequently and something that anyone working within a practice that’s handling client info needs to know how to manage.
Liath Dalton
So if you want more specific sort of guidance, tools training on this for yourself or for team members, that’s something that is addressed in our HIPAA security awareness grab bag, which has a set of three mini courses, one of which is devoted to phishing, one on social engineering, and the other on handling Protected Health Information in public, you know, when you’re outside the practice’s controlled environment.
Liath Dalton
So we’ll put a little link to that supportive training in the show notes as well. But really covered, covered the like basics, the important and impactful parts around what not to do and what to do with regards to phishing scams. So we hope you found this helpful, and we will chat to you good folks next week.
Evan Dumas
Yeah, talk to you next week, everybody.
Liath Dalton
This has been Group Practice Tech. You can find us at personcenteredtech.com. For more podcast episodes, you can go to personcenteredtech.com/podcast or click podcast on the menu bar.
Your Hosts:
PCT’s Director Liath Dalton
Senior Consultant Evan Dumas
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we share advice on how to avoid phishing scams.
We discuss:
- Phishing scams in text messages and email
- Common scams you might encounter
- What not to do when you get a suspicious text message
- PCT resources for how to identify scams and social engineering
Therapy Notes proudly sponsors Group Practice Tech!
TherapyNotes is a behavioral health EMR/EHR that helps you securely manage records, book appointments, write notes, bill, and more. We recommend it for use by mental health professionals. Learn more about TherapyNotes and use code “PCT” to get two months of free software.
*Please note that this offer only applies to brand-new TherapyNotes customers
Resources for Listeners
PCT Resources:
- PCT’s HIPAA Security Topical Trainings Grab-Bag
- PCT’s Comprehensive HIPAA Security Compliance Program (discounted) bundles:
- For Group Practices
- For Solo Practitioners
- Comprehensive HIPAA Security Policies & Procedures
- Forms & Logs for documenting implementation and maintenance of Policies & Procedures in practice
- Device & Workspace Security Suites
- Direct Support & Consultation from PCT team + therapist attorney Eric Ström, JD PhD LMHC (live & recorded + searchable library)
- Includes the Risk Analysis & Risk Mitigation Planning service + tool
- HIPAA Security & Privacy Ethics training
- HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
- Group Practice Care Premium
- weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
- + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
- + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more