How Not to Be Phished

Nobody wants to believe that s/he is gullible enough to fall for a scam. That said, this writer has heard terrible stories of dental practices being hacked after an employee falls for one of the classic email frauds: phishing. Phishing emails have been around for almost two decades, and it is likely that the reader has heard the term before. Stated simply, a phish is an attempt to trick an email recipient into giving away sensitive or private information for fraudulent purposes. When phishing attempts succeed, they can lead to problems such as financial fraud, identity theft and, in some cases, theft of patient records.

Email has been around for a while, and many of us are experienced in detecting (and deleting) odd-sounding messages, such as the classic:

“Dear Sir, You will doubtlessly be astonished to be receiving a message from a person unknown to you, who is about to ask a favor from you…”


“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click this link to confirm your identity…”

Phishers are getting increasingly sophisticated, however. The messages that make it through your spam filter look authentic and sound authoritative. By blending in other technical trickery such as spoofing, miscreants can even make an email message appear to come from a trusted sender. Clever fraudsters are increasingly targeting their prey, since it’s pretty easy to know who in the dental practice is going to have the most information access (hint: it’s the dentist).

So how can dental practices protect themselves from the scourge of phishing? Consider these tips:

See what lies below that link.

Think twice before you reflexively click a link in an email message. There are two ways to see if an email link is genuine. If this option is available in your email application, simply mouse over (don’t click!) the link. A “tool tip” may reveal the actual destination of a link.

In most email applications, you can also view the link destination in the bottom left- or right-hand corner of the window when you mouse over the link.

Keep your firewall active, computer systems patched and your anti-virus updated.

Phishing attacks are successful in part because dental practices fail to maintain these most fundamental safeguards for their computer systems. Check with your IT support expert to make sure that these basic protections are in place.

Use and preach “common sense.”

This statement might seem like a no-brainer, but common sense is the most powerful backstop against being phished. If the email message doesn’t smell right, don’t click it! Delete it. Or at the very least, ask someone else to give it the smell test. A second opinion often helps.

For more information regarding phishing prevention, see the Federal Trade Commission’s advice.