Two days ago I received an email from "Animas NoReply" with a subject line:
J&J Encrypted Message - Secure! - Animas Encrypted Message - *** PLEASE DO NOT RESPOND TO THIS EMAIL ****
When I clicked on the link in the body of the email it took me out to a webpage that required me to "register" to get the content of the message. The registration page asked for all kinds of personal information. At that point I decided to stop.
My suspicions, however, were now provoked. How do I really know that this came from Animas? I understand that the internet spoof frauds have gotten very good at imitating logos and content to look like banks and brokerage accounts.
If it were not from my insulin pump company I would have just deleted it. So I went back to the body of the email looking for other options. I saw an 800 number at the bottom and called it. The person answered with "Global Service Desk." I asked them if this was Johnson and Johnson. The person said yes and do I have a "world-wide number?" I said I have no idea what they're asking about and that I had a question about an email that had to do with my Animas insulin pump. The person showed no recognition with the terms "Animas" or "insulin pump."
I called the Animas help line number on the back of the pump. There was no menu choice for "suspicious emails" so I chose technical help instead. I explained to the technical help person what was going on. I also explained that I had recently received a replacement pump and had already sent the faulty pump back. In fact, the UPS tracking number confirmed that it been delivered to Animas on June 2. He agreed to have a supervisor call me.
I just got off the phone with the supervisor and asked what this was all about. Apparently the email was sent two weeks ago and contained the UPS tracking number of my replacement pump and the email finally delivered on June 2. I told her that I thought sending a cryptic email like this was no way to communicate with their customers. I also told her that I had no idea that this was a legitimate email or some spoofing rip-off artist. And calling the 800 number in the email did nothing to answer my concerns.
She said that the encrypted email was sent to comply with HIPPA law. I told her that I understand that but what's wrong with using the old-fashioned US mail? She said that they defaulted to this style messaging if the customer had an email address on file. I told her that I normally prefer the "green option" of using bits rather than paper but when they choose to send a suspicious puzzle to me, then I prefer the mail!
I hope this post saves someone a little nuisance.