Skip to main content
  • Home
  • Dashboard
  • Contact Us
  • Search
  • Log In
Logo
Menu
  • About Us

      Our financial reward program recognizes your commitment to quality medicine.

      Learn More
    • Board of DirectorsCurrent members of the Board
    • OfficersCurrent officers of the Company
    • ProducersFind a Producer
    • Notes from the Chair NewsletterImportant information for our Insureds
    • Contact UsContact Us for more information
    • Company OverviewLearn more about PROFESSIONALS ADVOCATE
    • FinancialsView our annual report
    • Mutual Advantage PlanA financial reward program
  • Coverages

      e-dataRESPONSE+ Cyber Liability Coverage provides critical protection in case of a breach.

      Learn More
    • Coverages OverviewLearn about our coverages
    • Policies & CoveragesLearn about our policies and coverages
    • Premium & BillingLearn about our Premium and Billing
    • MedguardDisciplinary defense coverage
    • e-dataRESPONSE+Cyber breach liability coverage
  • Claims

      If you have been contacted by an attorney regarding your care of a patient, read this now

      Learn More
    • Request Claims HistoryReceive a copy of your claims history
    • Claims PortalTrack your open claims
    • Claims FAQCommon questions about claims
    • Claims OverviewOur claims philosophy
    • How to Report a ClaimWhat to do when you receive a claim
  • Risk Management

      Our Risk Management education programs provide CME Credits and premium discounts. Register today!

      Register
    • Risk Management OverviewOur risk management philosophy
    • Resources/SearchSearch our comprehensive library
    • Doctors RX NewsletterOur risk management newsletter
    • Education ProgramsRegister for a risk management program
    • Security Risk AssessmentEvaluate the security of your practice
    • AlertsAlerts issues by medical organizations
    • Practice Manager ToolboxAn online resource designed for Practice Managers
    • AI Risk ManagementArtificial Intelligence
    • Practice Self-Assessment SurveyTake the practice self-assessment survey
    • Med-RiteLearn more about Med-Rite
    • PodcastsListen to risk management podcasts
    • Risk Management FAQCommon Questions about Managing Risk
  • Resources

      Browse our comprehensive research library for information on HIPAA, EMR, claims, and much more

      Search
    • LinksLinks to helpful organizations
    • Claims ResourcesInformation about the claims process
    • Risk Management ResourcesA comprehensive risk management library
    • Practice Manager ToolboxAn online resource designed for Practice Managers
    • eDelivery RESOURCES
      Links to helpful information about eDelivery

Practice Manager Toolbox

  • Billing and Insurance
  • Compliance
  • Cyber Security
  • EHR Optimization
  • Patient Engagement
  • Practice Operations

Resources

Tips to Remember When Reviewing Email

If you receive an email that contains links or attachments, it is your responsibility to determine its legitimacy.

If you receive an email that contains a link or an attachment, it is your duty, in this era of super hackers, to do what is reasonable to determine the email’s legitimacy before clicking on the link or the attachment.   Below are some items to look out for and tips to remember when reviewing emails.

1. An Unfamiliar Tone or Greeting 

The first thing that usually arouses suspicion when reading a phishing message is that the language isn’t quite right – for example, a colleague is suddenly suspicious in their tone, or a family member is a little more formal. 

2. Grammar and Spelling Errors 

One of the more common signs of a phishing email is bad spelling and the incorrect use of grammar. Most businesses have the spell check feature on their email client turned on for outbound emails. It is also possible to apply autocorrect or highlight features on most web browsers. Therefore, you would expect emails originating from a professional source to be free of grammar and spelling errors. 

3. Inconsistencies in Email Addresses, Links & Domain Names 

Another simple way to identify a potential phishing attack is to look for discrepancies in email addresses, links, and domain names. For example, it is worth checking against previous correspondence that originating email addresses match. If a link is embedded in the email, hover the pointer over the link to verify what ‘pops up’. If the email is allegedly from PayPal, but the domain of the link does not include “paypal.com,” that’s a huge giveaway. If the domain names don’t match, don’t click. 

4. Threats or a Sense of Urgency 

Emails that threaten negative consequences should always be treated with suspicion. Another tactic is to use a sense of urgency to encourage, or even demand, immediate action in a bid to fluster the receiver. The scammer hopes that by reading the email in haste, the content might not be examined thoroughly so other inconsistencies associated with a phishing campaign may pass undetected. 

5. Suspicious Attachments 

If an email with an attached file is received from an unfamiliar source, or if the recipient did not request or expect to receive a file from the sender of the email, the attachment should be heavily scrutinized before opening. If the attached file has an extension commonly associated with malware downloads (.zip, .exe, .scr, etc.) – or has an unfamiliar extension – you should contact the IT department before opening.  

6. Unusual Request 

If the email is asking for something to be done that is not the norm, then that too is an indicator that the message is potentially malicious. For example, if an email claims to be from the IT department asking for a program to be installed, or a link to patch the PC followed, yet this type of activity is typically handled by the IT department, that’s a big clue that you have received a phishing email and you should not follow the instructions. 

7. Short and Sweet 

While many phishing emails will be stuffed with details designed to offer a false security, some phishing messages have also been sparse in information hoping to trade on their ambiguity. For example, a scammer that spoofs an email from Jane at a company that is a preferred vendor emailing the company once or twice weekly, has the vague message ‘here’s what you requested’ and an attachment titled ‘additional information’ in hopes they’ll get lucky.  Do not click the attachment. 

8. Recipient Did Not Initiate the Conversation 

Because phishing emails are unsolicited, an often-used hook is to inform the recipient he or she has won a prize, will qualify for a prize if they reply to the email, or will benefit from a discount by clicking on a link or opening an attachment. In cases where the recipient did not initiate the conversation by opting in to receive marketing material or newsletters, there is a high probability that the email is suspect. 

9. Request for Credentials, Payment Information or Other Personal Details 

One of the most sophisticated types of phishing emails is when an attacker has created a fake landing page that recipients are directed to by a link in an official looking email. The fake landing page will have a login box or request that a payment is made to resolve an outstanding issue. If the email was unexpected, recipients should visit the website from which the email has supposedly come by typing in the URL – rather than clicking on a link – to avoid entering their login credentials of the fake site or making a payment to the attacker. 

10. See Something, Say Something 

Identification is the first step in the battle against phishers. However, chances are if one employee is receiving phishing emails, others are as well.  

  • Legal Notices and Privacy Policy
  • Help
  • Contact Us