Microsoft Scams – Dental Practice Alert

Protecting Your Practice

October is National Cybersecurity Awareness Month and it’s just in time. Recently there have been major spikes in the use of the Microsoft and Google brands in social engineering attacks. Your dental team needs specialized training to understand these and other types of cyber threats in order to protect your practice.

One of dentistry’s biggest online challenges is email phishing scams. Today cybercriminals have discovered it’s really easy to trick folks using tools they’re familiar with like Microsoft and Google. Mix that up with a good fake story with urgency, and it’s the perfect storm for a successful cyber-attack.

Steve Genge, CEO Alexio Corporation

Why Dental Practices are Targets

Now you might wonder, “Why would anyone target my dental practice?” Good question! Scammers prefer to target businesses that might not have strong security measures. Healthcare practices don’t typically have the same big budgets, and security professionals as big businesses. Plus, healthcare records, including dental, are gold mines for hackers.

Basic cybersecurity awareness training can improve security posture by up to 70%.

Tessian, 2021

Phishing Emails

Picture this: You’re at your desk, sipping coffee between appointments, and an email pops up. It screams urgency—”Action Required: Update your Microsoft Account Now” or “Google Alert: Unauthorized Device Detected.”

The email often has a link that directs you to what appears to be a legitimate Microsoft or Google login page. The page might even have the company’s logo, sleek design, and other familiar elements.

URL Spoofing

Another trick in the book is URL spoofing. Scammers create URLs that are a slight variation of the real thing. For instance, instead of “www.google.com,” it’s “www.goog1e.com” or “www.g00gle.com.”

Here’s some examples of tactics you might see used against you.

Social Engineering Attacks

Sometimes, the scam goes beyond emails and websites. Scammers may impersonate your IT support, leading you through a series of steps that culminate in you logging into a fake Microsoft or Google page, all under the guise of resolving some technical issue.

How to Outsmart the Scammers

1. Verify the URL

Before you punch in your username and password, always check the URL. It should be exactly “https://www.google.com” or “https://www.microsoft.com” for their respective services. Anything else should raise red flags.

2. Inspect the Email Content

Emails from legitimate companies are usually well-crafted. If you notice grammatical errors, odd formatting, or generic greetings like “Dear User,” proceed with caution.

3. Enable Two-Factor Authentication

Two-Factor Authentication (2FA) is like the dental sealant of the digital world; it offers an extra layer of protection. Even if a scammer does manage to snatch your password, they won’t get far without the second verification step, usually a code sent to your mobile device.

4. Reach Out to Support

When in doubt, directly contact your IT support team or the customer service of the company in question. Use a verified phone number or email address to confirm if the alert is legitimate.

5. Training and Awareness

The best way to protect your practice is through education. Get cybersecurity awareness Make cybersecurity a recurring topic in your staff meetings. You can also display posters or share articles (like this one!) to keep everyone updated on the latest threats and preventive measures.

October may be National Cybersecurity Awareness Month, but in our rapidly evolving digital landscape, every month needs to be cybersecurity awareness month. Treat cybersecurity with the same diligence as oral hygiene in your practice. As we all know, prevention is better than cure!

Embrace the spirit of Cybersecurity Awareness Month by taking proactive steps to protect your digital assets. We can’t eliminate all risks, but with awareness, preparedness, and vigilance, we can significantly minimize them—ensuring that practices run smoothly and securely, leaving us free to focus on what we do best—caring for patients.

Anne Genge, Certified Information Privacy Professional, Certified Healthcare Cybersecurity Professional, Certified Healthcare Security Risk Assessment Specialist. Anne is the founder of Myla Training Co., Canada’s first-ever online privacy and cybersecurity training platform for dental professionals. With over two decades of experience, Anne has become a leading expert and trainer in this field. Anne collaborates closely with practice owners, managers, dental teams, and IT providers to ensure the safety of patients and practice data while enabling compliance with privacy regulations.

Anne can be reached at anne@myla.training or call 877-363-9229 x702

Share This. Together we can make dentistry safer online!