How can you protect your dental clinic from business email compromise attacks?

How can you protect your dental clinic from business email compromise attacks?

Healthcare providers have recently been a major target for email scams. Between December 2020 and February 2021 alone, the number of phishing attacks targeting pharmacies and hospitals increased by a staggering 189%. Unfortunately, conventional phishing attacks aren’t your only cause for worry — your dental clinic could be at risk of falling victim to a business email compromise (BEC) scam too.

What is a BEC scam?

BEC is a type of phishing scam, but unlike conventional phishing attacks that are indiscriminate and sent to as many victims as possible, the former targets specific people. It’s similar to spear phishing in this regard, although instead of stealing sensitive information, its goal is almost always to steal money. For this reason, BEC scams target practice managers, office managers, executives, financial officers, or anyone in an organization who has the capacity and authority to do wire transfers.

Perpetrators carefully research their victims prior to launching an attack. Using a spoofed or stolen email address, they then pretend to be the victims' patient, client, superior, or colleague, telling the recipients to wire money to a specified bank account. The attackers may even use falsified invoices to demand payment from the victims.

And these tactics work. The FBI’s Internet Crime Report revealed that although BEC scams were not as common as conventional phishing attacks in 2020, they resulted in heftier losses. In fact, just 19,369 BEC scams cost victims $1.8 billion, while 241,342 conventional phishing attacks cost $54 million.

The FBI’s Internet Crime Report revealed that although BEC scams were not as common as conventional phishing attacks in 2020, they resulted in heftier losses.

How can you prevent BEC scams?

Detecting email fraud can be difficult, but it’s possible. Here are some tips to prevent BEC scams from impacting your dental clinic:

Protect your accounts

Reduce the risk of a BEC attack by making it harder for cybercriminals to steal or hack your email accounts. Encourage your team to observe password best practices. These include using strong unique passwords for each of their online accounts.

Enable multifactor authentication (MFA) if your email platform supports this feature. MFA requires users to input multiple authentication factors, such as biometric data and smartphone prompts, making it harder for cybercriminals to hack into an account.
Limit the ability to transact with money
People who can authorize big transactions and wire money should be limited to just one or two within your clinic. These individuals must be fully trained to handle BEC and other email scams.

Double-check the sender’s email address

Should you receive an email asking for money, it’s always wise to double-check the sender’s email address in case they’re using spoofed accounts. Watch out for suspicious characters, especially in the email address’s extension. For instance, a legitimate address may be “” but the email you received came from “” BEC attackers will always be as subtle as possible, so be extra careful.

Get to know your clients and colleagues

Observe how your clients and close associates write their emails. To convince you that they are who they claim to be, BEC perpetrators will employ various tactics to gain your trust, such as referring to you by your nickname in their correspondence. You can assume something is wrong when the supposed email senders do not write as they normally would.

Verify before wiring money

To really confirm the legitimacy of a money transfer request, check with the supposed senders themselves. It's best to confirm the request using another means such as via telephone. But if you choose to use email instead, don't reply to the original request. Instead, forward the email and manually input the correct email address in the field.

Avoid oversharing online

BEC perpetrators can get a lot of information about the people in your dental clinic without having to hack your system. All they need to do is check your social media accounts, most of which are viewable by the public. That said, avoid sharing too much information about yourself or your organization. Things like your nickname, birthday, or job position can be used by cybercriminals to attack your dental clinic or other companies you do business with.

Educate your staff

Preventing BEC attacks should be an organization-wide effort. Have experts train your staff on cybersecurity best practices. These include identifying and reporting email fraud, practicing proper online behavior, and protecting their online accounts.

BEC attacks are not as common as conventional phishing scams, but they can be more damaging to your dental clinic. It’s crucial that you take the right precautions and partner with cybersecurity specialists like HealthyIT to maximize your defenses against different cyberthreats. Get started by scheduling a free consultation with our experts today.