Two weeks ago, several members received fake emails instructing them to pay their membership invoices. Within the emails, members were told to wire funds to pay their dues. This phishing scam has been investigated and linked to an out-of-state bank account. A police report has been filed and the situation will continue to be monitored. It appears that these hackers obtained a handful of email addresses, but no specific identity data. Members can safely and securely pay their dues at cdaonline.org/renew or by check (mailed to the CDA, 8301 E. Prentice Ave., Ste. 400, Greenwood Village, CO 80111). Auto renew and installment payment plans are also available.
Educate your office about cyber hacks. Scammers often add official logos or real contact information to their fake emails to make them look genuine. They often forge the sender’s email address so the message appears to come from a legitimate person, which is what happened in the membership dues incident mentioned above.
Tips to avoid being a victim of hacking:
- If an email looks odd to you (misspellings, misuse of words, poor grammar, poor formatting, etc.), be suspicious and investigate before acting.
- If the email demands money, especially by wire transfer, do not click on any links or reply to the message. Call the sender to verify, but use caution with the number you dial (any phone number listed in a suspicious email could be a false number).
- Implement “multi-factor authentication” (MFA) on your computer login accounts that have access to important information. When you have MFA enabled, you are asked to provide your username, your password, and “something else” to log in. The “something else” can be an acknowledgement via your smartphone that authorizes a login, a one-time six-digit code, or a physical digital key on your laptop. MFA will protect you if a hacker obtains your password.
- Train your staff to recognize and avoid “phishing emails.” There are various training options available from third parties. The ADA uses Wombat Security computer-based training. This article has some good information about phishing training.
- Teach your dental team to be cautious of “phishing emails” and other suspicious messages. There are some additional tips and links to other resources here. For more information, visit the Federal Trade Commission’s consumer information on phishing.