Doctolib phishing alert: how to spot scams and what to do if targeted

Fraudsters have been scamming users of Doctolib, the online healthcare booking platform used by more than 90 million people in France and Europe.

“Over the past few weeks, we have identified a phishing campaign impersonating Doctolib. Third parties are attempting to obtain your personal information through fraudulent messages,” read an e-mail sent to Doctolib users at the start of July. 

Service users have reported receiving text messages and emails that imitate those of official Doctolib communications. Clicking on the in-text links leads to fraudulent sites where personal or banking details can be stolen.

This new phishing campaign comes after a similar one in the springtime, when messages promised users a partial refund for their last medical consultation. In reality, patients were being scammed out of more money. 

Doctolib has now published an online guide to raise awareness of scams and offer advice on how best to avoid them. 

How to tell if a message is fraudulent?

Official Doctolib e-mails come exclusively from the following addresses:

• no-reply@doctolib.fr, for communications concerning your appointments

• no-reply@email.doctolib.com, no-reply@infos.doctolib.com and no-reply@news.doctolib.com, for marketing and informative communications

On Gmail and Yahoo, e-mails are also marked with a blue verification badge.

Text messages will always display the sender as ‘Doctolib’ and never come from a personal mobile phone number.

It is also recommended to cross-check whether alerts or notifications appear on your Doctolib account. This way, users can be certain of the authenticity of any communications.

Read more: Warning over rise of bogus health ‘cures’ in France

Can Doctolib request online payment?

Payment requests do not always suggest fraudulent intent. 

Doctolib can, in some circumstances, request online payments to be made:

• Physical consultation: medical professionals can activate online payment after a consultation. You will receive an official notification by e-mail.

• Teleconsultation: payment for your teleconsultation is made when you book your appointment online, by credit card.

• Consultation surcharges: in certain situations (emergency consultations, overnight consultations, public holidays), a payment request may be sent via text, e-mail or notification from the Doctolib application.

What to do if you receive a message you suspect to be fraudulent?

If you receive a suspicious message:

• Do not click on any links or interact with the message. 

• Report the fraudulent message to phishing@doctolib.com and mark it as spam.

• Change your password immediately if in doubt.

• Delete the message.

• If necessary, consult the government's Cybermalveillance platform to receive personalised advice.

Note that to keep your personal information secure and avoid being scammed, you should never share your login or confidential data.