During the summer, a piece of AV equipment broke down. The equipment was out of warranty, so Psychiatry IT contacted the manufacturer, to find out what it would cost to have the equipment repaired. We received an estimate and a link to a Google Docs support request form. We decided not to have the equipment repaired.
In December, Psychiatry IT received an e-mail offer, apparently from the manufacturer’s technical support team. It noted the model of equipment that we owned and said they would provide a “free 15-month extended warranty” if we clicked a link and left a review of the equipment on Amazon.com. Given the broken nature of the equipment, it was very compelling, but there were a few red flags:
- The e-mail was from “Tech Support”, rather than a marketing or sales department.
- The e-mail came from an @gmail.com account, rather than a company alias.
- If our warranty was expired, how could we “extend” it?
- We did not make the initial purchase from Amazon.
This manufacturer uses Google Suite to manage their records and for corporate e-mail. Their e-mail accounts have custom aliases, so that they appear to come from @themanufacturer.com, but are actually gmail accounts. We believe that somebody, possibly an old employee, got access to the manufacturer’s service records in Google Docs. They then did a targeted e-mail, to existing customers. The intent was to get us to click a link, which would typically do one of two things:
- Get us to enter Amazon login details, on a fake web site. This can lead to purchases on a credit card, saved at Amazon.
- Link to a fake web site, which would infect our computer with malware.
Psychiatry IT urges you use UBC services, rather than non-UBC services, like Google Suite/Docs. Non-UBC services have more potential to be compromised. These Phishing attempts are very compelling and could easily dupe you into exposing personal or patient information, to unethical people.