Comprehensive Consulting for Mental Health and Wellness Professionals in Private Practice

 


How To Recognize and Avoid Phishing Attacks!


Describe, a Powerful New Therapy Tool is now available!! 

How do you avoid a phishing attack?

No, I'm not talking about rampaging schools of piranha, nor the venerable, ever-touring rock band. I don't even mean that amazing ice cream flavor that references the aforementioned rock band. A phishing attack is when a person with less than good intentions attempts to get information from you through nefarious technological schemes.

Most of us at some point have received an email from the Nigerian prince who could fully realize his kingdom if he just had a kind soul with a bank account that could help him move some money. The goal of that scam is to get unsuspecting victims to give up valuable information, like their bank account credentials. That is a phishing scam, but it's also a less than subtle one. Most people recognize and avoid such scams readily.

Phishing scams can be much more subtle and convincing, however.  Fortunately, there is almost always a telltale sign if you know what to look for.  Take this recent email I received, for example:



At first glance it looks legit. BlueHost is a hosting company that I partner with and use for several sites, including Tame Your Practice and Describe. (Note that if you click on the BlueHost links in this article and purchase their services, I receive affiliate compensation.) The phone numbers listed are their numbers. Note that the "From" address (servers@my.bluehost.com) looks correct. The problem is that it's pretty easy to fake a "From" address in an email (this is called "spoofing"). If you look to the right of the "From" address, you'll see that the email was sent via a server in Russia. Now, why would BlueHost be sending me, their customer, an email through a Russian server?

Clue two is the fact that they used an incorrect name (blacked out for privacy).  But I've seen this same email with my correct name on it, so don't count on this always being a giveaway.  It's entirely possible the scammer will know your name.

The really big giveaway comes when I hover the mouse over the link "BlueHost" wants me to click on. The URL looks okay, right? It's bluehost.com and even uses HTTPS/SSL for security. However, when I hover over the link, the true destination appears in the lower left. It's not BlueHost after all. It's a web site in Russia. If I click on the link, the web site I'll be taken to may look much like the BlueHost site (if the scammers are any good, it may even look exactly like it). Next thing you know, I'm entering my login information, and they have it and can access my BlueHost account. Or perhaps they'll ask for some payment information to "confirm" my identity.

In summary, in order to avoid the slickest of phishing attacks:

  • Don't send passwords, bank account numbers, or other sensitive information in an e-mail.
  • Be sure to check where links in emails actually go and that the destination matches your expectations.
  • Be wary of any unexpected e-mail attachments or links, even from people you know.
  • Use an up-to-date anti-virus program that can scan e-mail.

My most heartfelt thanks to all who pledged to and/or spread the word about Describe.  We reached our funding goal on Kickstarter and Describe is now available for sale!

Wishing you all safe Internet travels!

 

If you need help understanding or implementing technology, or general help with your private practice, contact us for help!

Subscribe to our mailing list to receive quarterly newsletters full of timely information!

Rob Reinhardt, LPCS, M.Ed., NCC

Rob is a Licensed Professional Counselor in private practice and
owner of Tame Your Practice, which provides comprehensive
consulting to mental health and wellness professionals.

©2015 Rob Reinhardt, LPC, PA   www.tameyourpractice.com
