As dental practices have become more reliant upon the internet to conduct business, they are increasingly exposed to the risk of malicious infiltration and hacking. One particular area of weakness is email, which can be taken over and exploited in numerous ways. Let’s look at the dangers of a hacked email account, and what you can do to protect your dental practice –and your patients’– valuable data.
Email Phishing refers to a number of methods that serve one endgame: to steal money or valuable data. A lot of times, your email client will filter out phishing scams, however, you are still vulnerable. Phishing aims to retrieve sensitive information from you, like credit card detail, social security numbers, login credentials, or patient data. This usually happens by tricking you into entering sensitive information. There may be links contained within the email that send you to a legitimate looking location where you can provide that information, or they could ask for it outright in the body of the email.
Phishing is a form of data retrieval, with nefarious intent.
Email Spoofing is a method of delivering an attack on your email by using an email address that appears to be from someone you know or a source you trust. Oftentimes, an email phishing scam is delivered through a fake or hacked account to increase the likelihood of a successful attack. Email spoofing can appear as contacts that you know, businesses that you trust, or even form someone within your own business. Email spoofing can be hard to spot, but if you carefully evaluate the email address and compare it to a known email address associated with person or entity sending it, then you can often spot discrepancies.
Email spoofing is a delivery method that attempts to legitimize the source of an email.
Large businesses like banks and online retailers will never solicit sensitive information in an email. They will almost always request that you follow a link in their email to update information such as your password, or verify that you are the correct party to do so. Be suspicious of an email that asks you to plug in any sensitive information in the body of the email.
Believe it or not, one of the most telling things that can reveal a potential intrusion are spelling errors. This is even more obvious if you receive an email from an entity claiming to be a large business or brand, which typically don’t send out emails with grammatical errors.
When reading an email from a large business that solicits your sensitive information, pay close attention to their wording.
If you receive an email that requests you click on link, evaluate it before clicking. Simply rest your mouse over the link (do NOT click it) to see if the address matches the company address from which it was sent. If the address is a random string of numbers, or looks nothing like the web address of that party, then do not click it. Also, beware of links that lead to .exe files, which are files known to spread malicious software.
If you receive an email that says your security has been compromised, and that your account will be terminated if you don’t take any steps, then you may be reading a fraudulent email. Look out for threats in the header of the email like “Account Suspension,” or, “Respond Now or Lose Your Account.” Large businesses will never threaten to deactivate your account because of privacy concerns, and will ask that you call them to resolve any issues with your account.
If an email seems fishy, don’t click any of the links or open any the attachments that it contains, which can infect your computer and steal your valuable data.
If you’ve received a suspicious message from someone you know or a business with which you work, then contact that party directly to verify that they sent it. If they have not sent it, then erase the email and report it here.
Email hacking presents real dangers to dental practices, and can put you at risk for HIPAA violations. Remember to be thorough, and evaluate every email before opening attachments or clicking on links. Contact Smile Savvy if you have any questions about cyber security, and learn more about how you can protect yourself from online security risks.