Phishing is a common mode of cybercrime, and it can happen to your dental practice. Regardless of how much individuals and companies think they may know about scam emails, they still often fall victim. Unsurprisingly, failing to have robust dental security teams or protocols can have drastic consequences.
Phishing isn’t anything new. It’s been cybercriminals’ most common method of attack for many years, but because of how complex phishing scams can be, learning how to spot phishing emails is extremely important.
And, phishing attacks continue to increase in impact and in number despite the advances made in detection technology and anti-virus protocols.
Trend Micro, a security software firm, reports that 91% of all cyberattacks and the data breaches that result from them start with a phishing email attack. The email is made to look like it’s coming from a trusted source. It may encourage the victims to click on a link or open an attachment that then goes on to download malware onto their computer. Or it may request the victims disclose certain sensitive data like their passwords.
What Is Email Phishing?
When learning about how to spot phishing emails, the first thing you need to do is learn what phishing is. Phishing is one form of online scam where consumers are sent an email that looks like it’s coming from a trusted, well-known source, such as:
- A bank
- An internet service provider
- A mortgage company
It requests personal identifying data or asks the recipient to take a certain action, often using social engineering. The scammer will then use this information to invade the recipient’s existing accounts or open new accounts.
The most harmful of all phishing scams are socially engineered phishing emails. They’re created to look genuine and be relevant to the recipient. The recipient performs the action being asked in the email because they think they can trust the sender. This leads to devastating results. In the case of a dental practice, the scammer can gain access to the dental practice’s sensitive data or network undetected if the recipient:
- Opens an attachment in the email with a malicious payload
- Clicks on a link that directs them to a malware-infected site
- Gives out their login credentials
How to Spot Phishing Emails
Although socially engineered phishing emails frequently dodge being detected by email filters since they’re so sophisticated, they frequently have common characteristics — they’re often created to trigger emotions, such as:
To spot a phishing email, you’ll need to know what to look for. Phishing emails may look like any of the following:
#1. Strange or Suspicious Attachments
There are many forms of phishing to be aware of when learning how to spot phishing emails. While email is the most common, you may also receive scam phone calls, text messages, or social media posts.
Regardless of how a phishing message is delivered, however, it carries a payload. This can be either a link to a scam site or an infected attachment that you’re being asked to download.
The mission behind payloads is to capture personal and sensitive data, such as:
- Phone numbers
- Credit card details
- Account numbers
- Login credentials
The infected attachment will seem like a benign document, but will actually contain malware. For example, the scammer may claim they’re sending you an invoice for dental practice supplies. It doesn’t matter if you’re expecting to receive this invoice from this particular entity or not, because in many cases, you won’t really know what the message pertains to until you open up the attachment. Once opened, the invoice may not even be intended for your dental practice, but at that point, it’s too late. Opening the attachment has unleashed malware onto your computer where it will go on to perform various corrupt activities.
#2. Emails Requesting Sensitive Data
You should treat all emails that come from an unfamiliar or unexpected sender requesting payment information, login credentials or sensitive data with caution. Phishers can duplicate login pages that look just like the real thing and then send recipients an email that contains a link that points to the fake login page. If you get an email that redirects you to a login page or requests payment, you should refrain from putting your information in unless you’re 100% sure it’s a legitimate email.
#3. Offers That Are Too Good To Be True
Phishing emails frequently offer some type of reward for taking a certain action. Emails that incentivize recipients to open an attachment or click on a link to access some type of reward are too-good-to-be-true emails. If you’re not familiar with the sender of the email, or if you didn’t initiate the contact, there’s a good chance it’s a phishing email.
#4. Emails With a Sense of Urgency
Phishing emails frequently try to get individuals to act fast. A lot of scams request that the recipient acts now before it’s too late. Windows, Netflix, and PayPal all offer services that are used regularly, and any issues with those accounts can cause instant inconveniences. Phishing emails often imitate services like these because of this.
#5. Spelling Mistakes and Bad Grammar
Bad spelling and grammar mistakes are another way to identify phishing. Professional emails tend to be checked for spelling and grammar. Most companies have built-in spell-checking tools that, by default, scan their emails automatically to ensure the spelling and grammar are correct.
#6. Unusual or Generic Email Addresses
Legitimate companies and organizations will not send emails from an @gmail.com address. Google doesn’t even do this. Most companies, with the exception of smaller companies, will have their own company accounts and email domain. For instance, a legitimate email address for Google is @google.com.
Generally, scammers will use a bogus email address that will have the “spoofed” company name in the local part of the address (the name before the @). Take PayPal for example.
Looking at a spoof PayPal phishing email, you’d say it’s almost flawless. It:
- Has the PayPal logo at the top of the email message
- Has a professional style to it
- Looks believable
But, the one big red flag is it uses a bogus email address, even though it attempts to replicate PayPal’s genuine email. An email that is actually coming from PayPal will have the organization’s name in the domain name (@paypal.com) and not just the local part of the email address.
A phishing email will look something like this: Paypal@notice-access.275.com. Because PayPal isn’t in the domain name part of the email address, it is indeed a scam.
Many individuals, unfortunately, will see the word PayPal anywhere in the email message and that will be enough to trick them into doing what’s requested of them in the email. Just seeing the word PayPal in the email address will be enough to convince them because they don’t understand the difference between the local part and the domain name of an email address.
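The local-part versus domain check described above can be automated. The following is an added example, not part of the original article; the brand list, function names and the two constructed sample addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: brand -> domains it really sends from. Only the two domains
# named in the article are listed; add the vendors your practice deals with.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "google": {"google.com"}}

def split_address(from_header):
    """Split a From header into (display name, local part, domain), lower-cased."""
    display, addr = parseaddr(from_header)
    # The domain is everything after the LAST "@"; the local part is before it.
    local, at, domain = addr.rpartition("@")
    if not (at and local and domain):
        raise ValueError(f"no usable address in {from_header!r}")
    return display.lower(), local.lower(), domain.lower().rstrip(".")

def is_brand_domain(domain, allowed):
    """True only for an allowed domain itself or a subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return (brand, where) pairs for brand names used outside the brand's domain."""
    display, local, domain = split_address(from_header)
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if is_brand_domain(domain, allowed):
            continue  # sender domain really belongs to this brand
        if brand in display:
            findings.append((brand, "display name"))
        if brand in local:
            findings.append((brand, "local part"))
        if brand in domain:
            # e.g. paypal.com.something.example: brand is only a label prefix
            findings.append((brand, "domain"))
    return findings

if __name__ == "__main__":
    samples = [
        "Paypal@notice-access.275.com",                        # from the article
        "PayPal <service@paypal.com>",                         # constructed
        '"PayPal Billing" <billing@paypal.com.acct.example>',  # constructed
    ]
    for s in samples:
        print(s, "->", check_sender(s) or "no brand mismatch")
```

An empty result only means the brand name and the sender domain agree. The From header can still be forged, so this check complements the mail server's SPF, DKIM and DMARC results rather than replacing them.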
How to Stop Phishing Emails
Your dental practice should offer routine staff awareness training to get a handle on the threat of phishing and teach your employees how to become aware of and identify phishing emails.
By continually reinforcing the avoidance of scams, your team will start developing good habits, and detecting phishing emails and malicious attachments will become second nature.
Even if you’re using software that blocks malicious emails automatically, phishing emails can still land in the inboxes of your employees. It’s essential that suspected or known phishing emails are reported and removed. Reporting possible phishing attempts, including phishing emails that have already been opened, helps security personnel mitigate the risk of spread and secure the network. It’s important your staff has a process in place for reporting suspected emails, whether they’ve opened them or not.
Get the Protection Your Dental Office Deserves
Contact Erickson Dental Technologies to gain expert protection for your dental office. Over the last 30+ years, we’ve partnered with a number of dental practices in the planning, integrating, and supporting of computer-based technologies. Learn why so many dental practices choose Erickson Dental Technologies to keep their data secure and streamline their processes.