At Foodsmart, like many other companies, phishing is a common problem. Be it via emails, phone calls, or text messages - this is a common issue that hits every part of the company.
So, as security, we want to make sure you know how to identify and deal with these issues, so we can ensure the safety and security of our patients, employees, and the business.
What does phishing look like?
Phishing can come in many forms, but there are a few things that are usually present that are red flags you should watch out for.
Being reached out to by means you're not usually communicating on
A sense of urgency
Demands/threats of something bad happening if you don't comply
Demands for secrecy in what you're being asked to do.
Example 1: The gift card scam
This is one of the most common scams we see at Foodsmart. In the last two weeks, I've received nearly a dozen of these attempts in my email:
From the emails themselves, there are several red flags to note. Not every one of these emails will have all of these issues, but if you see these things, it's best to be cautious:
1. It was in the spam folder. Generally a good first sign that it's something that should be ignored.
2. Giant red banner saying "This message seems dangerous"
3. Email is from outside the company. The little yellow "External" flag should always be a note to be cautious, especially when someone is claiming to be an employee - like our CEO Jason Langheier.
4. Under no circumstances is it appropriate for anyone to ask you for personal information - like your personal email/cellphone number - via email. If that information is needed, HR will ask for it in Rippling.
5. The email is "From" someone called "QUICK-RESPONSE". This is there to present a sense of urgency. Nobody at Foodsmart will have an email name like that.
6. When you click the down arrow to see the actual email address, it's some random @gmail.com free email address. This is what #3 was hinting at, but now we can doubly see that this email is sketchy.
7. No email signature, and odd formatting. It's not a foolproof check, but every email from Jason ends with a signature like this:
Likewise, we regularly receive questions from employees about suspicious text messages. This is usually either the follow-up to this email, or the scammer got a list of phone numbers and names and matched them against LinkedIn to see what company you work for and the CEO's name. Those tend to flow like this:
Notice the same "the CEO is asking you to reply" pattern. This is not how we communicate at all. If you see something like this - ignore it. Our CEO is not going to text you out of nowhere to do anything.
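As an added illustration (not part of this page or of Foodsmart's tooling), here is a small Python checker that scores a raw email against the red flags listed above: an outside sender, a free-mail domain, an executive's name on an outside address, urgency in the sender name or subject, and a request for personal contact details. The company domain, executive list and free-mail domains are assumed values, and the two sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed configuration (not from the page): company mail domain, executives that
# gift-card scammers impersonate, and common free-mail domains.
COMPANY_DOMAIN = "foodsmart.com"
EXECUTIVES = {"Jason Langheier"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = re.compile(r"(urgent|quick.?response|asap|right away|immediately)", re.I)
PERSONAL_INFO = re.compile(r"personal\s+(email|cell|phone|number)", re.I)

def mentions_executive(text: str) -> bool:
    """True if an executive's name appears in text, ignoring case and punctuation."""
    squashed = re.sub(r"[^a-z]", "", text.lower())
    return any(re.sub(r"[^a-z]", "", e.lower()) in squashed for e in EXECUTIVES)

def red_flags(raw_message: str) -> list[str]:
    """Return the red flags found in one raw email (headers plus plain-text body)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    subject = msg.get("Subject", "")
    body = msg.get_payload() if not msg.is_multipart() else ""
    flags = []
    if domain != COMPANY_DOMAIN:
        flags.append("external sender")
    if domain in FREE_MAIL:
        flags.append("free-mail address")
    if domain != COMPANY_DOMAIN and mentions_executive(display + " " + address):
        flags.append("executive name on an outside address")
    if URGENCY.search(display) or URGENCY.search(subject):
        flags.append("urgency in sender name or subject")
    if PERSONAL_INFO.search(body):
        flags.append("asks for personal contact details")
    return flags

# Constructed sample messages, modelled on the scam described above and a normal email.
SCAM = """From: QUICK-RESPONSE <jason.langheier.ceo@gmail.com>
Subject: Are you available?

Hi, I need a quick favor. Send me your personal cell phone number so I can text you.
"""

LEGIT = """From: Jason Langheier <jason@foodsmart.com>
Subject: Q3 planning

Hi team, the Q3 planning doc is in the shared drive.
"""
```

Running `red_flags(SCAM)` returns all five flags, while `red_flags(LEGIT)` returns an empty list; a mail gateway would treat the first as a quarantine or banner candidate rather than a hard verdict.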
What do I do if I get a phishing email?
The best thing to do is to report it. Fortunately, Gmail already has tools in place to make this easy, and reports go straight to the security team.
Report an email as phishing
On a computer, go to Gmail.
Open the message.
Next to Reply, click More.
Click Report phishing.
What do I do if I get a phishing call/text?
If you're not sure, take screenshots of what you have and notify security via an email to phishing@foodsmart.com and we'll take a look. Please also let us know what, if anything, you replied with, so we can chase down any potential problems and provide the best guidance to you.
Oftentimes, criminals will ask for seemingly innocuous things that can reveal more than you're expecting. As security, we're trained to catch these things - so the more information we have, the better we can help you.
I clicked the link/said something I shouldn't have/etc?
Now what?
In a perfect world, nobody would click on the links in the email, or reply to the scammers, or any of those things. In reality, anyone can get caught by the right trickster at the right time in the right conditions.
So, say you got an email from "IT" and downloaded and ran the software they told you to... then realized "Wait... that didn't seem right..."
Step #1: Tell security. The fastest way is usually going to be via the #security channel in Slack, or emailing security@foodsmart.com
Our goal is to do two things:
Get everyone and everything back to a safe and secure state
Build better tooling/training/protections to prevent this from happening again
And the faster we know, the faster we can handle those issues, while doing our best to minimize the impact of the problem.
Conversely, the worst thing you can do is to try to hide that a mistake was made, as that leads down the path of bigger problems, regulatory issues, potentially harmed patients, and the eventual discovery of, and questions about, why these things weren't reported. Security, Regulatory, and Legal all want to keep these things as small as possible and as easy as possible for everyone. So remember: prevention is best, reporting is next. And if you're not sure - tell us anyway.