It was the typical manic Monday morning of opening up the inbox which had been stacking emails while we were away all weekend. That crushing feeling of an insurmountable workload had teamed up with some uncleared cobwebs and resulted in a diabolical email debacle. The short of it is we gave our Gmail login credentials to a hacker who used them to send a phishing email to our contacts.
Why did you open it?
My front desk team sent me an email that indicated they shared a Google document with me. We share documents with each other all of the time. When the email signature appeared slightly different, my first thoughts were, “Shoot! This isn’t right. I bet we have been hacked!” Then my mind flashed to a couple of emails that had come in since Friday afternoon. The emails Friday were “Vital Information” and the best-selling follow-up “DO NOT OPEN EMAIL TITLED ‘VITAL INFORMATION’—IT IS A HACK.” My next thought was “That knucklehead Aaron probably just opened that email and just spammed our contacts!”
I Gchatted with Aaron and found out he got the first email and, before seeing the second message, opened the “shared” document. Why, man? Why?!? Why did you open that email!?!?!?! Those were my next thoughts. However, this was no ordinary email hack. Upon investigation, it was the most sophisticated phishing email I had ever seen. Here is why Aaron still has a job.