United Derm Partners is dedicated to promoting a culture of compliance. What can you do to help?
C – Commit to doing the right thing.
O – Obey regulations and policies that apply to your job.
M – Make compliance awareness part of your job.
P – Put your code of conduct in an accessible spot.
L – Lead by example.
I – If in doubt, check it out.
A – Attend training sessions.
N – Notify your supervisor or Compliance Officer of any suspected violations.
C – Communicate openly and honestly.
E – Ethics is part of all activities.
To report suspected violations directly to the Compliance Department, please email SecurityOfficer@UnitedDermPartners.com or call the Compliance Line at 888.893.9004. Anonymous reporting is always an option.
Phishing is the fraudulent practice of sending emails purporting to be from reputable sources to induce individuals to reveal personal information such as usernames and passwords. Hackers only need to hook one. Don’t let that one be you!
What could happen if I get hooked?
The hacker can log in to your account and any other account that uses similar usernames and passwords and do everything you can do!
Imagine what could happen if someone took your car or house keys, made a copy without you knowing, and always knew where your car was and when you were out of the house.
Imagine what could happen if someone took your phone and had its password with some of your most private and personal information at their fingertips.
You don’t leave your keys or phone lying around, nor would you give them to someone you didn’t know. Treat your username and password with the same level of care and security. Losing control of the highly sensitive information in our email accounts and medical record systems could have grave business and legal consequences for us as individuals and our organization as a whole.
How can I avoid getting hooked?
Ask yourself the following questions. If the answer is no, you are better off deleting the email and moving on or sending a copy to email@example.com to validate whether it is legitimate. Example answers are included based on this example email.
Q: Was I expecting the email or did I request the information in the email?
A: No. I was not expecting this email nor did I request the information. It also seemed out of the ordinary since Jay has never sent a voicemail via email before, and usually any voicemail coming in through email has an attachment rather than a link.
Q: Do I recognize the “from address,” i.e., the sender as valid?
A: No. At first glance, the from address seems legitimate, but upon closer inspection, I can see that the “m” in uniteddermpartners.com was replaced by an “n.”
Q: Do I recognize the URL behind the link as valid?
A: No. When I hovered my mouse pointer over the Listen to Message link without clicking, I saw the following: http://portal.docstoreinternal.com/?id=fMZnzGG5umq0VEEFA%.... Anything legitimate associated with Office 365, Outlook, etc. should be using https:// at the beginning for a secure connection and portal.docstoreinternal.com is nothing like the legitimate websites outlook.office.com or uniteddermpartners.sharepoint.com.
Q: What if I really want to click on the link and listen to a voicemail from Jay even though it looks suspicious?
A: Forward this, or any other questionable email to firstname.lastname@example.org and ask first.
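The sender and link questions above can also be checked automatically, for example in a mail-triage script. The following is an added example, not part of the original page. The function names, the edit-distance threshold of 2, the sample address's local part and the `id=EXAMPLE` query value are assumptions or constructed; the trusted-host list holds only the two sites the page names.

```python
from urllib.parse import urlsplit

# Domain and hosts named on the page; treating them as a complete allowlist is an assumption.
ORG_DOMAIN = "uniteddermpartners.com"
TRUSTED_LINK_HOSTS = {"outlook.office.com", "uniteddermpartners.sharepoint.com"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def check_sender(address):
    """Classify the From domain: 'ok', 'lookalike' (near miss) or 'external'."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain == ORG_DOMAIN:
        # An exact match only passes this check; a From header can still be forged.
        return "ok"
    if edit_distance(domain, ORG_DOMAIN) <= 2:  # threshold is an assumption
        return "lookalike"
    return "external"

def check_link(url):
    """Return the reasons a link fails the page's two tests (empty list = passes)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if host not in TRUSTED_LINK_HOSTS:  # exact host match, so look-alike suffixes fail
        findings.append("untrusted-host")
    return findings

def triage(sender, links):
    """Combine both checks into one report for a message."""
    report = {"sender": check_sender(sender),
              "links": {u: check_link(u) for u in links}}
    report["suspicious"] = (report["sender"] == "lookalike"
                            or any(report["links"].values()))
    return report

if __name__ == "__main__":
    # Constructed sample modelled on the example email described above.
    print(triage("jay@uniteddernpartners.com",
                 ["http://portal.docstoreinternal.com/?id=EXAMPLE"]))
```

A message flagged as suspicious here should still be forwarded for review as the last answer describes; the script only makes the first two checks repeatable.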