Avoiding “Phishing” and Spam Attacks On Dental Businesses

Avoiding “Phishing” and Spam Attacks On Dental Businesses

Tricks and tips to help steer clear of hackers and spammers

It rarely goes a week without the team here at Dental Media receiving a few calls or emails from dentists or their team members asking for advice where they have received a suspicious email, or worse, opened one, clicked a link and compromised their local IT system.

Whilst modern virus checkers are very good, not every business uses one or keeps it up-to-date, and this, coupled with employees who miss the signs of a suspect email, often results in problems.

Today I thought it would be useful to compile a short blog covering the main ways dentists and their teams can avoid being duped by malicious emails of this nature. We’ll also take a quick look at how to protect your dental website assets, such as contact forms, which spammers can potentially use to send you suspect content.

Install and maintain a high quality antivirus system

Whilst email servers, including our own, use robust systems to remove as much spam as possible at source, some malicious emails can still get through. To provide full protection, you should not just rely on remote systems, but also install top-grade local antivirus on your local systems. It goes without saying that you should keep this updated with the latest virus “definitions” to make sure that that your protection has the best chance of working.

Many modern anti-virus systems are also “intelligent” in that they can detect any unexpected changes to your file system and intervene accordingly. But please don’t trust that this will catch everything, you still need to exercise a good degree of care!

Learn to recognise a “phishing” email

Phishing emails come in a variety of different forms and can be very convincing. So-much-so that even with year of IT and web experience, there are some emails which I have to check carefully before I trust them. Hackers will try all sorts of ways to trick you and typically copy the format of emails which you might expect to receive from a well-known business such as a bank, utilities supplier etc.

Within these emails you will either find a malicious attachment which, when opened, infects your systems, logs your key-strokes and steals things like password data etc; or a link which takes you to a website which immediately tries to download malware or asks you to enter personal data. This could be to access your bank account or another nefarious activity like gaining information to spoof your identity.

So even where an email looks genuine, you need to be extremely cautious. Here are a few “giveaways” which will usually help you to identify the malicious email in amongst the genuine ones:

  • Check the sender’s email address – often they originate from hacked email accounts which are obvious if you inspect them closely. However, email addresses can be spoofed so this is not 100% effective
  • Check the technical header of the email as this can also show information which will illustrate that the email came from a malicious sender
  • Hover over any links in the email – but do not click them! Very often you will see the destination address of the link is some obscure website where the hacker has loaded a malicious download or a spoof form they want you to complete
  • Look out an email address which appears OK at first glance but isn’t the real one of the company it purports to be from. Hackers will register a domain which is very close to the original but may include a plural of a slight misspelling which, if you’re in a hurry, you’ll miss
  • Don’t click on URLs that you are unsure of – this includes shortened or abbreviated URLs; another favourite of the hackers and spammers. Annoyingly SOE, the practice management software, appears to use shortened URLs of this type in some of their patient email templates – this is not good for two reasons; lots of modern virus checkers will consider this to be suspect and block those emails and secondly, savvy web users will avoid clicking on them anyway. SOE are apparently aware of this.
  • Don’t attempt to open any attachment which you are not expecting or are unsure of

If you’ve gone through all of those checks and you’re still unsure, don’t click – the potential for harm is huge. Ask for advice or call the company directly for confirmation.

Stop spammers using your dental website contact form

Earlier generation website contact forms use a variety of methods to try to stop spammers using “bots” to automatically complete and submit them. This worked fine until the spammers found novel ways to get around the protection methods in place. Where they are successful, a deluge of spam, typically containing malicious links can result. To be frank it’s a constant battle with the spammers to try to stay one step ahead but invariably one you will lose eventually.

Fortunately there is a near-foolproof technique which can be used on contact forms to prevent this, namely the Google recaptcha system. We are now on version 3 of this system which provides a seamless user experience i.e. the user in not presented with a range of images to match before the form can be submitted. Google evaluates the traffic in the background and blocks what it considers to be suspect.

If you don’t have such a recaptcha system on your website already, particularly where the website is quite old, then we strongly recommend contacting us to have the latest anti-spam systems installed.


In the constant battle to stay ahead of hackers and spammers, you need to remain aware and also keep your IT systems appropriately protected. However, even with the best virus checkers and anti-malware systems in place, periodically a malicious email will still get through.

This is why members of the dental team who are responsible for opening emails need to be aware of what to look out for and be able to identify the tell-tale signs that an email is malicious. It takes a bit of practice but once you know what you’re looking for, the chances of clicking on a suspect link and getting something you weren’t expecting will be minimised.

For more advice or to upgrade your website contact forms, please get in touch with the team at Dental Media on 01332 672548.