As dental practices have become more reliant upon the internet to conduct business, they are increasingly exposed to the risk of malicious infiltration and hacking. One particular area of weakness is email, which can be taken over and exploited in numerous ways. Let’s look at the dangers of a hacked email account, and what you can do to protect your dental practice –and your patients’– valuable data.
Email Scam Vocabulary
Phishing
Email Phishing refers to a number of methods that serve one endgame: to steal money or valuable data. A lot of times, your email client will filter out phishing scams, however, you are still vulnerable. Phishing aims to retrieve sensitive information from you, like credit card detail, social security numbers, login credentials, or patient data. This usually happens by tricking you into entering sensitive information. There may be links contained within the email that send you to a legitimate looking location where you can provide that information, or they could ask for it outright in the body of the email.
Phishing is a form of data retrieval, with nefarious intent.
Phishing is a solicitation of sensitive data, oftentimes a password or login credentials.
Email Spoofing
Email Spoofing is a method of delivering an attack on your email by using an email address that appears to be from someone you know or a source you trust. Oftentimes, an email phishing scam is delivered through a fake or hacked account to increase the likelihood of a successful attack. Email spoofing can appear as contacts that you know, businesses that you trust, or even form someone within your own business. Email spoofing can be hard to spot, but if you carefully evaluate the email address and compare it to a known email address associated with person or entity sending it, then you can often spot discrepancies.
Email spoofing is a delivery method that attempts to legitimize the source of an email.
Warning Signs of an Email Scam
This looks real, but notice the grammar error in “Recovery My Account.”
Information Solicitation
Large businesses like banks and online retailers will never solicit sensitive information in an email. They will almost always request that you follow a link in their email to update information such as your password, or verify that you are the correct party to do so. Be suspicious of an email that asks you to plug in any sensitive information in the body of the email.
Spelling Errors
Believe it or not, one of the most telling things that can reveal a potential intrusion are spelling errors. This is even more obvious if you receive an email from an entity claiming to be a large business or brand, which typically don’t send out emails with grammatical errors.
When reading an email from a large business that solicits your sensitive information, pay close attention to their wording.
Strange Links
If you receive an email that requests you click on link, evaluate it before clicking. Simply rest your mouse over the link (do NOT click it) to see if the address matches the company address from which it was sent. If the address is a random string of numbers, or looks nothing like the web address of that party, then do not click it. Also, beware of links that lead to .exe files, which are files known to spread malicious software.
When hovering over the link, a false address that has nothing to do with UPS is revealed.
Threatening or Ominous Language
If you receive an email that says your security has been compromised, and that your account will be terminated if you don’t take any steps, then you may be reading a fraudulent email. Look out for threats in the header of the email like “Account Suspension,” or, “Respond Now or Lose Your Account.” Large businesses will never threaten to deactivate your account because of privacy concerns, and will ask that you call them to resolve any issues with your account.
How to Protect Yourself:
Don’t Click Links or Open Attachments
If an email seems fishy, don’t click any of the links or open any the attachments that it contains, which can infect your computer and steal your valuable data.
Reach out to the Sender Directly
If you’ve received a suspicious message from someone you know or a business with which you work, then contact that party directly to verify that they sent it. If they have not sent it, then erase the email and report it here.
Contact Smile Savvy
Email hacking presents real dangers to dental practices, and can put you at risk for HIPAA violations. Remember to be thorough, and evaluate every email before opening attachments or clicking on links. Contact Smile Savvy if you have any questions about cyber security, and learn more about how you can protect yourself from online security risks.
