Dental Cyber Threats Are Rising  & Here’s What the FBI Wants You to Know

The FBI recently contacted the American Dental Association (ADA), urging dental offices to train their staff and proactively manage their IT infrastructure. This alert follows a rise in cyberattacks targeting oral and maxillofacial surgery practices, after similar attacks were launched against individual surgeons the year prior. 

Among the threats highlighted, the FBI warned of three common types of cyberattacks: Phishing, Smishing, Spear phishing, Whaling, and Vishing. 

Phishing 

Phishing is a cyberattack that occurs via email. Attackers send fraudulent emails containing malicious links or attachments, attempting to trick recipients into clicking or downloading harmful content. While phishing is not new, it has become increasingly difficult to detect due to the advancement of Artificial Intelligence (AI). Today’s cybercriminals can craft well-written, personalized emails that appear legitimate, increasing the chances of success. 

To defend against phishing, dental offices should proactively train their teams to recognize suspicious emails and avoid engaging with them. In addition, implementing strong email filtering systems and following recommended email security best practices. 

Smishing and Vishing 

Smishing, short for SMS phishing, occurs through text messages or messaging Apps, while Vishing involves phone calls and voicemails. Although Neither of these attacks are new, advancements in AI have giving them new life. Attackers can use Ai to alter their Voices, remove foreign accents, and mimic someone familiar, making it easier to deceive unsuspecting victims.

Without proper training, staff may unknowingly click malicious links sent via text, disclose sensitive information over the phone, or fill out fraudulent forms with critical data. The most effective defense against smishing and vishing is employee training. By educating your team on how to recognize and respond to these threats, your practice can significantly reduce the risk of falling victim to these increasingly sophisticated attacks. 

Spear Phishing & Whaling 

Spear phishing is a targeted email attack that appears to come from a trusted contact, aiming to deceive a specific individual within an organization. Whaling, on the other hand, specifically targets high-level executives. While both attacks use email as the method of delivery, like phishing, they differ in their target. Phishing casts a wide net, attempting to deceive anyone in the organization, whereas spear phishing and whaling focus on high-value individuals, often referred to as the “big phish.” 

Cybercriminals frequently leverage social media to gather information about their targets. By referencing recent events or personal details shared online, attackers can craft messages that feel personal and legitimate, increasing the likelihood of a successful attack. To mitigate this risk, it is recommended that individuals, especially executives set their social media accounts to private and only accept connection requests from people they know and trust. 

Protective Measures 

• Train staff to spot red flags in emails (e.g., urgency, unknown senders, suspicious links). 
• Implement enterprise-grade email filtering and anti-phishing solutions. 
• Adopt a zero-trust mindset: Never click until you verify. 
• Conduct regular training to help employees recognize suspicious texts and calls. 
• Encourage a policy of “verify before you respond”—especially sensitive requests. 
• Use caller ID validation tools where possible. 
• Encourage privacy settings on personal and professional social media accounts. 
• Avoid sharing sensitive work-related details online. 
• Use multifactor authentication (MFA) for email and system access. 

Looking to secure your dental office from today’s threats?
Schedule a free security consultation with Unebyte today →