You quickly recognize the junk mail stuffed in your home mailbox. Phrases like “you are pre-approved” probably send those letters straight to the trash. Fraudulent emails can be harder to identify. By simply opening an email that is not secure, you put your entire dental practice at risk of giving a hacker access to the PHI (protected health information) of your patients.
What is phishing?
Opening a risky email is one way hackers gain access to your computer; these emails are phishing attempts. Phishing is when a hacker creates an email that doesn’t look threatening in the hope that you will open it and click on a link or download something. When you do, it could give them access to your files, passwords, and data.
Dental practices are valuable targets for hackers. A patient’s PHI is worth 10 times more than a credit card number on the dark web. In fact, a phishing attempt hit the American Dental Association in August 2019. A hacker sent out an email that was made to look like it came from the ADA’s President. According to the ADA, “this phishing scam appeared to be a targeted attack to capture dentists’ passwords, with no malware attached.”
How do I know it’s a phishing attempt?
Recognizing these attempts can be difficult if you don’t know the warning signs. Renaissance’s security team trains all of our employees on cybersecurity. We thought your practice might benefit from some of the things we learned from our dental heroes.
- When you see a link in an email, hover over it with your mouse; do not click on it. You are looking at how the link is structured. Start by examining the periods and slashes in the link. For example, chasebank.com would take you to Chase’s website. Chase.bank.com will take you to bank.com, which could be a site that’s meant to hack your system. The part immediately before the ending of a web address (.com) will tell you where you are heading.
- A web address like 123.123.1235/bank is phishing because it doesn’t show who owns the website. Pay close attention to the last part of the URL; it’s like your breadcrumb trail showing the website at the end.
- Look for faulty spelling and grammar in the email and subject line. Phishing attempts often have simple errors that give them away.
- Step back and consider the content of the email. If it’s promising something unrealistic or seems threatening, it’s likely a phish.
- Keep in mind how your company sends communication. For example, if you normally get emails from humanresources and the sender says humanresource, it’s likely a phishing attempt.
- If you haven’t been in contact with the sender of the email before, that may be a red flag. Many phishing attempts will pretend to be someone you work with, asking for your cell phone number for an urgent request. This is likely a suspicious email.
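For an IT contact who wants to automate the link and sender checks from the list above, here is a short Python sketch. It is an added example, not Renaissance's or the ADA's own tooling. The function names, the 0.85 similarity threshold, the sample links (203.0.113.5 is a reserved documentation address), and the rule that the last two labels of a host name are the owner's domain are all assumptions made for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

def link_host(url):
    """Return the lower-cased host name a link really points to."""
    if "//" not in url:              # bare text such as "chase.bank.com/login"
        url = "//" + url
    return urlsplit(url).hostname or ""

def registrable_domain(host):
    # Assumption: the last two labels name the owner (bank.com in chase.bank.com).
    # That is wrong for suffixes like .co.uk; a production check would consult
    # the Public Suffix List instead.
    return ".".join(host.rstrip(".").split(".")[-2:])

def is_ip_host(host):
    """True when the link uses a raw IP address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(url, expected_domain):
    """Compare where a link goes with the domain the email claims to be from."""
    host = link_host(url)
    if not host:
        return "no-host"
    if is_ip_host(host):
        return "ip-address-host"     # the address does not show who owns the site
    if registrable_domain(host) != expected_domain.lower():
        return "domain-mismatch"
    return "ok"

def check_sender(name, known_name, threshold=0.85):
    """Flag a sender name that is close to, but not exactly, a known one."""
    a, b = name.lower(), known_name.lower()
    if a == b:
        return "ok"
    if SequenceMatcher(None, a, b).ratio() >= threshold:
        return "lookalike"
    return "unknown"

# Constructed sample links, checked against the domain the email claims to use.
SAMPLES = ["https://www.chasebank.com/login", "https://Chase.bank.com/login",
           "http://203.0.113.5/bank"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:35} {check_link(url, 'chasebank.com')}")
    print("humanresource:", check_sender("humanresource", "humanresources"))
```
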
What do I do if I see a phish swimming my way?
When you think a phishing email is in your inbox, do not open it. Report it to your IT department right away. If your practice doesn’t have an IT department, make sure your supervisor knows because you may be experiencing just one of many barrages against the office.
Firewalls can only protect you so much; at some point, human defense is needed. You can stay vigilant by reporting things you find suspect and by keeping all of your software up to date. Hackers will often target those who haven’t updated to the newest version of their software.
The American Dental Association also recommends that you contact the Federal Trade Commission by forwarding phishing emails (do not open them first) to email@example.com and firstname.lastname@example.org and report the incident to the commission at FTC.gov/complaint.