Text Message Scams (Smishing) Targeting Dentists & Oral Care Professionals

Text Message Scams (Smishing) Targeting Dentists & Oral Care Professionals

Key points from the article:

• Text message scams are the new threat dentists, and oral care professionals face in today’s cyberspace.
• Almost all businesses, including dentists and oral care professionals, can fall victim to phishing attacks.
• Scammers are becoming more sophisticated and using technology to lure unsuspecting victims into providing their financial and personal information.
• Being prepared against text message phishing is only half the battle. A firm security policy can help your office and staff to stop scam attacks.

Phishing attacks through text messaging have become more familiar with the proliferation of smartphones, and clinics could be the following targets for scammers. Text message scamming (smishing) is contacting unsuspecting victims while attempting to trick them into providing their personal or financial information through social engineering tactics.

Most text message phishing scams are quick and easy as technology advances, and dentists and oral care professionals are the next possible targets. It doesn’t require human resources or expensive technology to set up, and the payoff is often immense if it pays off.

Whether in terms of stealing patient records or financial information, gaining access to dental IT systems, or using ransomware to force dentists to pay hundreds of dollars to regain access to their systems, text message scams can be devastating.

Is Your Dental Clinic Vulnerable to Text Message Scams?

Admittedly, almost any business is vulnerable to phishing attacks. Scammers are constantly devising new, more advanced ways to attack their victim’s weakest link in the security chain – people. Even sophisticated tools like antivirus software and firewalls cannot help against text message phishing if one of your staff unwillingly reveals their passwords or sends money to a fraudulent group or entity.

Imagine the repercussions if your Endpoint Detection & Response (EDR) software is compromised. Hackers could steal crucial patient data, confidential financial information, medical records, etc. The overall damage to your dental clinic could be catastrophic.

Such breaches may even result in breaching Health Insurance Portability and Accountability Act (HIPAA) provisions, which can cost you your license, a hefty penalty, or even jail time.

Many dentists and oral care professionals fall for a common text message scam: IRS fines or unpaid utility bills. A scammer calls or texts your secretary pretending to be a water, gas, or power company representative and asks the secretary to pay the overdue bills. The employee may make the payment to realize later that it was a fraudulent attempt.

A variation of this type of phishing attack is for the scammer to accuse your dental clinic of owing the IRS back taxes and other fines that could result in business closure. Some clinic owners pay out of fear of an IRS audit or because they miss the relevant paperwork.

How to Spot a Scam Text Message

Most smishing attempts are often direct messages to the dentist’s phone number with a call to action or threat, such as “Your bank requires your personal information to verify your identity. Failure to respond immediately will incur a fee.”

Such text messages can drive some dentists into a frenzy, making them send their personally identifying information without thinking it through.

This segment highlights common text message scams to watch out for:

• Emergency text: this is the most common smishing tactic in the scammers’ playbook. Someone messages you urging you to wire funds immediately. This scam can come in all forms of emergency requests, including paying a hospital bill or bail money. The scammers want to trick you into sending funds quickly before you realize it is a scam.
• Personal information requests: anyone requesting your information should be a clear red flag. Simple messages from legitimate companies rarely or never request their clients’ personal information, primarily via text.
• Government messages: you must never give out your personal or financial details, even to government agencies. These entities seldom initiate contact via text or phone. They typically use formal channels like television or radio to convey national announcements.
• Misspellings or poor grammar: grammatical and spelling mistakes are tell-tale signs that the text message is from a fraudulent entity. Therefore, pay attention to how the message is addressed to you.
• Fake websites: scam messages often have links to fake websites urging you to click on them. Actual companies always have legitimate-looking websites with features like brand logos and trust seals.

Text message scammers are becoming masters of human psychology as they devise new and more sophisticated ways to dupe unsuspecting victims into sending their financial and personal data. They know exactly what to say to elicit an action from you.

How to Protect Your Office Against Text Message Scams

Training your staff and making them aware of possible security threats and breaches is the best defense against these scams. Security programs in your dental office should cover basic tips to keep your financial and personal records safe, like the following:

Don’t Respond

Any actions you or your employees take to a scam text message can put your office at risk of having your information stolen or blocked for ransom. Therefore, don’t reply or call the phone numbers. Acting too quickly is also a mistake. The scammer wants you to feel rushed and confused. Don’t fall into this trap by providing an immediate response.

Check Sender Information

We also encourage you to pay extra attention to the sender’s phone number. You can then find the source of the text message through a reverse phone lookup. Doing this will allow you to authenticate the sender’s identity and determine whether it is a scam text or a legitimate one.

Report or Block the Sender

Immediately after receiving the possibly fraudulent text message, please forward it to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov or the Federal Communications Commission (FCC) at SPAM (7726). This allows the FCC and FTC to alert other dentists to the risks. Also, block the sender from your phone.

Avoid Clicking Links

This is perhaps the most important tip. You must avoid clicking any links in suspicious text messages or initiating contact with the sender. Doing so may compromise your phone or systems without you realizing it.

Scammers change their tactics all the time. Therefore, it is up to you to secure your phones and systems to avoid breaches and other privacy threats. Being prepared against smishing is only half the battle. You should also create a security policy with detailed steps in case you or your employee clicks on a fraudulent link or unsuspectingly shares sensitive information.

If You’re Still Unsure About Smishing, Let’s Meet

Knowledge is your greatest defense against text message scammers. While these scams may seem far less common than other phishing tactics, their fallout could be just as devastating.

NOVA Computer Solutions provides the best security service and support to protect your patient’s financial and personal records (and your own) from falling into the wrong hands. We offer a wide range of services, from complete turnkey solutions to IT support and consulting.

Contact us today for more information about text message scams and other, more advanced phishing tactics used by scammers and how to protect your systems from them.