1. HotDoc Help
  2. Security and Privacy
  3. Privacy and Security

Spotting scams: How to tell if a message really came from HotDoc

Last updated

At HotDoc, we take your privacy and security seriously. 

Unfortunately, scammers sometimes impersonate HotDoc—or send fake emails or SMS messages—trying to trick people into giving away personal information or clicking malicious links.

This guide will help you recognise genuine HotDoc messages and identify possible scams. 

 

In this article

 

 

What genuine HotDoc communications look like

To make sure the message you receive is genuine and sent by HotDoc:

 

  1. Check the sender. Our emails will always come from hotdoc.com.au or hotdocmail.com.au — always check the spelling, as malicious actors may use domains that look similar.
    • We have protections in place to help your email provider detect if an email claims to be from us but is not from us (SPF/DKIM). Look at your emails and review any warnings carefully.

  2. Check the link. All Hotdoc links will take you to hotdoc.com.au or htd.io— again, it’s critical that you always check the spelling, as malicious actors may use links that look similar.

  3. Check the contents of the message you’ve received. Typically, we include information that only we or your practice would know, including:
    • Your name;
    • Your practice or doctor’s name; 
    • Your appointment details;
    • Private information that has only been shared with HotDoc or your practice.

If the message tells you less than 3 things, you may still be able to trust the message if it is sent by an approved email domain as specified above
ⓘ Tip

 

Over the years, we’ve been working to have more and more of our messages sent via the HotDoc App, so you know you can trust them.

We recommend downloading the HotDoc App and enabling Push Notifications so you can receive more of our messages via this safe and trusted method.

If you have received an SMS from HotDoc and are not sure why, check out Why did I receive an SMS from HotDoc?

 

How to spot a potential scam

Organisations like HotDoc may be impersonated by malicious actors, and scammers may attempt to deceive you into disclosing sensitive information by falsely claiming to be us.

If a message seems suspicious, ask yourself the following:

  • Does the message include fewer than three specific personal details (e.g., your name, your doctor’s name or your appointment time)? If yes, that’s a warning sign.

  • Is the sender email domain or link spelling slightly off? Genuine HotDoc links will only go to the domains: hotdoc.com.au. If the domain is misspelt (e.g., “hotdoc-portal.com”, “hotd0c.com”, “hotdoc.app”) or uses extra characters, do not trust it.

  • Does the message pressure you to take unexpected or unusual action?
    Some HotDoc messages, like appointment or payment reminders, may include time-sensitive steps — that’s normal. But if a message feels overly threatening or unusual, exercise caution before clicking any links.

  • Does the message contain odd grammar, spelling mistakes or generic greetings (e.g., “Dear Customer” instead of your name)? These are common in scam attempts.

  • Are you being asked to click a link, download something, or enter login credentials on a site that looks different from HotDoc’s usual website or app? Be very cautious and check the domain closely.

 

What to do if you receive a suspected scam message

If you suspect a message claiming to be from HotDoc is not genuine, here’s what you can do:

  1. Do not click any links or download any attachments in the suspicious message

  2. Do not reply with any personal information.

  3. Go directly to the HotDoc App or the official HotDoc website(by typing the domain hotdoc.com.au into your browser yourself).

  4. Check with your medical practice – if the message referenced an appointment or something about your care, contact the practice directly using a phone number you know is correct (not one provided in the message).

  5. Report the message to us: You can let us know about a suspicious email or SMS you have received by submitting a patient support request here. Please provide any screenshots if possible.

  6. Delete the message once you’ve reported it or verified it’s fake.

 

How we protect your data — giving you confidence

To help you trust your communications with HotDoc, our Platform has security built in, and we have been externally audited in our security practices. These include: 

  • We encrypt sensitive data, both in transit and at rest within our platform

  • We review the security controls of the vendors and suppliers that we engage who might have access to sensitive data

  • We regularly audit our systems for access, our code and our infrastructure for vulnerabilities,
    including paying security researchers to test our platform

  • We log access to your data and our systems, and monitor our services for signs of anomalous activity and audit access that could indicate a security issue 

  • We run our platform in Amazon Web Services, who ensure that the infrastructure that hosts our platform is secure 

  • We train all of our staff in the importance of security and the secure handling of any personal and confidential information

 

To prove that we do all of these things, HotDoc is SOC2 Type 2 accredited, providing independent assurance that our systems meet the highest standards for data protection, security, and reliability.

HotDoc’s commitment to Security
HotDoc’s Privacy Policy
ⓘ Read more

 

Need further help? 

If you’re still unsure about a message you received: 

  • Contact your practice and ask if they sent the message. 

  • Let us know by submitting a patient support request here so we can investigate and help protect others.

Thank you for helping keep your personal information and health-related communications safe. We value and appreciate your vigilance.

Related articles