I’m sure everyone has heard a lot about ransomware, but ransomware isn’t the only threat out there, and the number 1 reason offices are hacked is sometimes a lack of knowledge and understanding of just how scammers operate. Just to give everyone reading this an idea of how prevalent this is, the Competition Bureau put out statistics showing that “between 2014 and 2017, Canadians lost over $405 million to scammers.”2 So, by reading on, not only will you be better informed about the threats that are out there and how to best avoid them, but you will also further understand just how far a scammer is willing to go to obtain personal and private information, as well as how you, as a potential victim, can protect yourself.
Only recently, our CSR took a call from someone at a dental office, who asked about a popup that seemed legit and provided a link. The caller had clicked the link. Our own CSR knew that this particular office was in trouble and would need tech support immediately.
How did our CSR know? And what did the office do wrong?
Before I go on to answer these questions, it is important to first understand the ways scammers can and will attack:
Dental offices have a lot to offer scammers: a whole host of patient information, including credit card numbers, SIN numbers, personal addresses, and more. That makes these places prime targets for scammers.
What are you up against?
The phishing scam
No, this is not a summer sport. Far from it! This is a tool that scammers use to “fish” for personal and financial information. Phishing, according to Webster’s Dictionary, is a scam by which an email user is duped into revealing personal or confidential information. There is not one Canadian who hasn’t come across this before. The phishing scam usually includes the use of emails, texts, or pop-ups that look completely legitimate and seem to be offering a refund or attempting to validate an account. Here are a few telltale signs to help you see through these potential threats:
- Misspelled words (this is common)
- Bad grammar
- Type of information being requested (banking info, credit card, SIN number)
- The wrong date used
Phishing scams can come from what are believed to be legitimate websites, such as Facebook, LinkedIn, and Indeed.com.
Spyware
According to Webster’s Dictionary, spyware is computer software that secretly records information about the way one uses their computer. Basically, spyware does what the name suggests: it spies on the victim by tracking their movements on their computer and online. Isn’t this what a creepy stalker would do? And that is the point. Spyware is essentially a stalker that can’t be seen but can definitely see its victim. According to Avg.com, once it is on the system, spyware goes unnoticed, working in the background7; it’s also incredibly difficult to remove and creates a lot of chaos by doing the following:
- Making changes to your computer to slow it down
- Tracking your keystrokes (tracks passwords and communications)
- Adding additional components to your browser
- Taking control of your computer
- Displaying ads or software that track personal or sensitive information
Scareware
Again, the name says it all. Scareware is a type of malware that uses social engineering and fear tactics to trick victims into purchasing and downloading unwanted and potentially dangerous software.8 Depending on where someone is browsing, these tend to pop up to give the heart a jolt. And they are effective! The purpose: to scare a potential victim enough to download the program so the scammer can then obtain personal and financial information.
I could go on and on about firewalls, antiviruses, and strengthening passwords, all of which are incredibly important when it comes to protecting oneself from becoming the next victim; however, it is just as important to understand that all the technological protection in the world can’t protect against human error. So, how can one prevent themselves from becoming a victim in each one of these scams? Be in the know.
Solutions are available
Delete the email. Here is the hard and fast rule to remember: Legitimate companies never ask for information by email or text; this includes banking institutions and the Canada Revenue Agency (CRA). And if you are still unsure and the email has scared you enough that you feel you need to take some kind of action, just call the number on the back of your bank card to verify, or you can even call the institution directly and put your mind at ease. Never call the number in the email and never reply to the email. Just delete it and forget it.
These are usually banner ads or emails disguised as antivirus or antispyware programs. They can be very enticing and may even look legitimate. But don’t be fooled. If you receive an email with this kind of ad, delete it. Delete any message in which the sender is unrecognizable to you. When it comes to banner ads, avoid them at all costs. Do not click for any reason.
When agreeing to any kind of free software service, you are agreeing to spyware on your computer. Like any free music or game service, once you agree to their terms, you have accepted their spyware as a fair tradeoff. Spotify is a decent example of this, giving you the choice of whether to agree and enjoy free music or disagree and give up the application. Here is the hard and fast rule: When installing anything on your computer, always read the fine print, including the license agreement and privacy statement. Don’t agree until you know exactly what you’re agreeing to.
Make sure all your applications are updated to help prevent this type of malware, as bugs usually occur in a program that is not updated regularly. Here is the hard and fast rule to remember regarding scareware: It is just there to scare you into clicking on the link or popup provided. What do you do? Nothing. Don’t click on it; just get away from it as fast as you can.
If you are suddenly bombarded with pop-ups, the best thing to do is close the browser. If you find that it doesn’t work, do a hard shutdown. I have had to do it before and though it isn’t fun, it’s necessary. Once you are back up and running, be sure to do a quick virus scan to make sure all is still well.
“To stay safe, the Canadian Anti-Fraud Centre recommends you don’t click on any suspicious pop-ups, be careful to only allow downloads from trusted websites, and never give anyone you don’t know or absolutely trust remote access to your devices.”2
Let’s get back to the questions from earlier:
How did our CSR know the dental office that clicked on the link in the pop-up was in trouble? And what did that office do wrong?
To answer, our CSR is well aware of online scams and how they work. Like her, by now, you know that you should never, under any circumstances, click a link in a pop-up or email or text. Don’t do it. That’s unfortunately where this office went wrong.
If this happens to you, what do you do? Close the browser, and if that doesn’t work, do a hard shutdown.
On the phone
CTV News put out an article in May of this year, detailing the newest digital scams, including smishing. If you’re not sure what this is, it’s SMS phishing. This is when the victim receives texts that are meant to provoke the victim into giving up valuable banking or credit card information. A popular scam is the scammer sending a fake text saying there is a problem with one of the victim’s accounts, or (like I’ve just experienced recently) a fake text saying that the victim has received a refund via e-transfer. When my dad received this particular text, he was at first confused and said that he wanted to call the bank just to be sure.
Is this the right move?
Yes. This is one hundred percent the right move. Call your bank or call the number on the back of your credit card just to verify that nothing “phishy” is going on there.
I see these texts so often that I now have a system for how to handle them:
- Block. It’s easy and all cell phones should have this capability. I find that when I do this, I don’t get another text (at least not from this particular scammer).
- Delete. Also easy. There is no reason to look at these texts. NEVER click the link provided for any reason, and NEVER call the number provided or reply to the text.
If you are the one answering the phone in the dental office, you might receive phone calls from scammers. They are infesting every bit of technology they can get access to, and this includes older technology, like the landline. So you might receive an automated message from the CRA or Immigration Canada (IC), either to get a refund you never knew about or to pay a bill you never knew about. Usually the message is short and gets right to the point: The victim owes back taxes and needs to pay money to correct the issue, or they will be arrested or deported.5
As a part-time customer service representative, I get these calls nonstop and I’m sure you do, too.
Here is what you need to know:
- Scammers pretending to be CRA and IC don’t know the rules. And one of the biggest rules is that these types of government institutions do not call or send emails; they send registered letters. There’s an authentic stamp, a phone number, and a reason, so you’re not guessing.
- CRA and IC are government agencies and they know the right number to call if they ever decided to. They are not going to call a support line or a dental practice number.
For more information on the way these government agencies work and what they will not do in order to get in touch with someone, click here.
What do you do?
Hang up. Don’t talk. Don’t engage. Don’t call back. I endure these threats on a weekly basis; in fact, just yesterday, I received a call on my personal line here at work and I just shook my head, rolled my eyes, and hung up the phone.
This happens much less often, but scammers are getting a lot more brazen, not even bothering to cover up their attempts to scam you. Keep an eye out for written or even typed letters showing up in your mailbox, offering large sums of money to buy your house or even your practice. Twice, my family has received a handwritten (in black Sharpie) letter on loose-leaf paper. Once the loose-leaf was even yellow. It is important to stay vigilant and always ask for ID when someone claiming authority comes to the door.
Right now, these constant scams are a fixture of our work and personal lives, and until the practice is somehow abolished, we have to deal with it. But take comfort in the knowledge that you can keep yourself safe simply by staying vigilant online, on your phone, and even in the office. The more you know, the better protected you will be, which is why a list of informative resources is provided below for you to check out. Share these resources with friends, family, patients, and colleagues and help them all stay safe, too.
- Learn to Protect Yourself From Scareware Scams
- Three digital scams to watch out for
- Phishing alert: GDPR-themed scam wants you to hand over passwords, credit card details
- 12 Tips to Protect Your Company Website From Hackers
- Scam Alert – Fraudsters Pose as Canada Revenue Agency
- About Spyware
- What is Spyware? by Jonathan Lemonnier
- What is… Scareware?
- Government of Canada Help Centre