Beyond our own circle of friends, most of us have subscribed to online news feeds and newsletters and receive e-mail updates periodically. And on the far end of the spectrum are the outright phishing scams that are (or should be) easy to spot.
But there is a gray area in the middle, somewhere between legitimate outside e-mails from known sources and the outright scams, that are problematic.
Let’s say you have signed up for a newsletter keeping you informed of the latest developments in human resource policy, and then suddenly you get an e-mail solicitation for a completely different newsletter, concerning workers’ comp issues. On the surface it looks legitimate, but you aren’t sure, and you don’t really want yet another newsletter in your inbox. Or instead of a newsletter, it might be an outright solicitation for a related product or service.
Should you unsubscribe?
This is a tricky question. If it is a legitimate company, they will be bound by the CAN-SPAM protection overseen and enforced by the Federal Trade Commission. (More information on that is located here.) Those rules spell out some specific requirements for opt-out and unsubscribe procedures. Among other things, within the e-mail itself there should be a link to make it very easy and straightforward for a user to unsubscribe from the list.
If it is not a legitimate company in the first place, however, they probably don’t care about the CAN-SPAM rules at all. Or they may have set up a spoofed originating e-mail address, making them impossible to track down and prosecute. Their business model may have nothing to do with their so-called newsletter, instead their business may be about harvesting and reselling e-mail addresses to other e-mail spammers. So by unsubscribing, you have confirmed a legitimate e-mail address. Or even worse, the unsubscribe link may lead you to a web form where you unknowingly provide more business/personal information to a fraudster.
Our advice is to try to determine if the originator is a legitimate source, and if it appears to be so, and you do not wish to receive future communications from them, follow their unsubscribe procedures. If you continue to receive solicitations, report them to the FTC.
If it appears to be a scam, then the unsubscribe link is either worthless or, worse yet, may lead to yet another fraudulent site, then just delete the message and set you junk mail filter to block further communications from that sender.
If you have any questions about a suspicious e-mail, you should check first with your manager or supervisor, and possibly check with your IT systems administrator or HIPAA security officer.
Marion K. Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting and implementation services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.
