Use these tips to protect yourself against Internet imposters, scams, and shakedowns

It used to be that viruses and hacking were more sport than fraud. Computer geniuses tested their skills and wreaked havoc on a global scale just to prove that they could outwit Steve Jobs and Bill Gates. It was essentially nerd warfare.

That has changed drastically.

Now, there are people who spend all of their time creating Internet schemes, scams, and shakedowns to bilk you out of your money. These imposters prey on the vulnerability of your medical practice by infiltrating your business through emails, faxes, phone calls, and direct mailers. Their intention is to infect your computer with viruses, commandeer your database and patient information, charge you for services you don’t need or never bought, or offer you services that are impractical or potentially harmful.

The imposters’ insidiousness must not be underrated, and it should never be overlooked. To make as much money as they can without getting caught, they prey on your ethics, your humanity, and your Internet needs.

They know that you have to receive emails in order to do business. They also know that you need Internet advertising, strong search-engine rankings, and a functioning Web site to attract potential patients. Therefore, they spend time perfecting their deceptions, just like you spend time perfecting your procedures—and just like yours, their methods improve every day.

However, by applying the following common-sense tips in your practice, you can combat these imposters and prevent your practice—and its computer system—from being infiltrated by their schemes.

Install protective software. Consult a local IT professional (not your brother’s wife’s precocious nephew who happens to be good at video games) to install protective software and to implement policies and procedures for how you and your staff handle email and other online communications. Also, have policies in place regarding downloading software—especially free software offered online—onto your practice’s computers.

With the recent hype surrounding the avian flu, scammers have used emails with subjects like “Outbreak in North America” and “What is avian influenza (bird flu)?” to distribute the Naïve.A Trojan horse virus to computer users around the globe. (They even spelled “influenza” correctly, so you know they are getting better at what they do.)

These messages appear authoritative. Many mimic the “from” addresses of physicians, hospitals, and universities. But rather than containing clinical information and advice, their attachments delete or destroy your computer files. And many such viruses allow the scammers to gain remote control of the infected computer—your computer—where sensitive financial and patient information may reside.

Imagine this scenario: Your ever-so-thorough receptionist sees an email from another physician and opens it. Then, she decides to print out the attachment and leave it on your desk for you to read. But she has no way of knowing that the other “doctor” is an imposter, and the document she just opened to print has decimated your database and broadcast the billing information for you and all of your patients.

That’s the nightmare scenario. It will cost you time and money to fix this problem, and your patients will be affected in ways you can only begin to imagine.

Protect your domain name. Your domain name—your Web site address—is perhaps your most valuable online asset. Consider the cost to your practice if that address were lost or hijacked. To prevent this from happening, make sure you know where your domain names are registered, in whose name they are registered, how they are maintained, and when they expire.

If you know you’re going to be in practice for the next 20 years, register your domain name for 20 years. You won’t have to worry about renewing it for a while, and having a domain name with long-term registration can actually boost your search-engine rankings.

Consider this common scenario: You, or your office manager, receive a domain-name renewal invoice by fax or postal mail. According to the bold print, your domain name will soon expire and you should renew now for a nominal fee.

What you missed when you skipped over the fine print in the rush to renew was the minuscule notation that, “This is a solicitation, not an invoice.” That’s funny; it sure looked like an invoice. Only now your payment constitutes a contract, one that commits you to moving your domain name from your current registration service to this new third party—out of your hands, and away from your direct control.

Domain names aren’t the only things that scammers are trying to get you to “renew.” Many of these online imposters will construct elaborate charades designed to convince you that you have had an advertisement running on their site for a full 12 months, and now it is time to renew.

Evaluate every invoice, and verify the payment history. Any time you receive a renewal notice, make sure your accounts-payable staff or your bookkeeper calls each vendor to make sure the company—and the notice—are legitimate. Have procedures in place to verify that bills are paid to existing vendors and that records of past payments are on file. Verifying the payment history will also enable your accounting staff to confirm that the amount of the invoice is consistent with historic payments.

Paying careful attention to your bills and their methods of receipt can go a long way toward protecting your practice. Scammers know that you are a brilliant surgeon and that time is a very precious commodity. They prey on your desire to engage in fair business practices and to pay your bills on time. That’s what makes them so sinister.

In a recent case, one company “borrowed” the reputation of two popular and very respected industry Web sites to trick surgeons into sending their credit card information to the company. Its fraudulent invoices looked like they came from a well-known, trustworthy company, and included names that sounded like prominent industry players. To protect your practice from this scheme, take the time to carefully evaluate every invoice. If you foil only one imposter, it will be worth all the trouble.

Do not buy keywords. If someone offers to sell you keywords, run away as fast as you possibly can. This is an incredible waste of your money, and it could really hurt your practice’s bottom line. You would benefit far more by investing that money in a conservative, locally targeted pay-per-click strategy or by spending a fraction of it on the regular search-engine optimization of your Web site.

At Etna Interactive, we get calls all the time from the aesthetic surgeons and medical-spa operators we serve requesting our advice about the online-service offers they receive. So imagine our surprise when we received a call from a company selling keywords.

Its sales pitch was inspired: “You can own the words ‘Web sites for cosmetic surgeons’ forever! Every time someone searches for that phrase, your site will be in the number 1 position. Forever!” It sounded good on the surface. Heck, it sounded great. You buy keywords, and when someone types that word in a search engine, they get shepherded directly to your site.

But here’s the rub: It works only when the searcher’s computer has been hijacked by a certain kind of software (commonly called scumware) that they didn’t even know was installed in their computer. There is nothing illegal about this—it’s not quite a scam in the attorney general’s sense of the term—but it is a vile practice that attracts the wrong kind of attention.

One of my clients actually fell prey to this offer before I could intervene. For “just” $16,000, my client was able to buy the keyword “liposuction.” And as the representative had promised, it really made my client’s phone ring.

In the 3 weeks it took for me to get the contract terminated, computer users from around the world called—screaming through the line—insisting that the physician remove whatever virus he had installed on their computers that was taking over their search results.

Never give out the practice’s personal or financial information online. No legitimate business or financial corporation will solicit you via email to verify your personal and financial information, nor will they do the same for your business or your practice. Today’s computer combatants, on the other hand, battle for it—and will do everything they can to steal it. Let’s face it: They don’t want your identity so they can pretend to be you at parties. What they want is your money.

Therefore, be suspicious about urgent emails that require you to update this information. If you can, call the company named in a suspicious email to verify its authenticity or to address the issue in the email. If you must click the link because you cannot find the phone number, look closely at the Web-site address to see if it really is what you think it is.

Discuss this issue with your staff. Make sure they never give out company information online, and make sure they know not to respond to such inquiries. Due diligence is a legitimate form of protection, and it can be highly effective if your staff know what to look for and avoid.

“Phishing” is the new cyberword for email requests that look like they come from Citibank, eBay, Earthlink, or any online business. The emails have company logos and brand names, and they look remarkably real.

Their basic call to action is that your account needs some kind of attention, and clicking on the provided link will bring you directly to the account-update information page. On that page, you are given prompts to update all of your personal information—and that information goes straight to the imposters.  
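For the IT professional who supports your practice, here is what "look closely at the Web-site address" means in practice, as an added example that is not part of the original article. The function name, the placeholder company domain mybank.example, and the sample links are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def link_warnings(url, expected_domain):
    """Return reasons a link's host is not the company's own site.

    An empty list means the host is expected_domain or one of its subdomains.
    """
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.rstrip(".").lower()

    # Anything before "@" is a login name, not the site being visited.
    if parts.username is not None:
        warnings.append("text before '@' is not the site address")

    # A bare IP address says nothing about who runs the site.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a numeric IP address")
    except ValueError:
        pass

    # Punycode ("xn--") or non-ASCII labels can imitate familiar letters.
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        warnings.append("host uses internationalized characters")

    # The site is identified by the END of the host name, read right to left.
    if host != expected and not host.endswith("." + expected):
        warnings.append(f"host '{host}' is not part of {expected}")
    return warnings


# Constructed sample links; mybank.example is a placeholder, not a real company.
SAMPLES = [
    "https://online.mybank.example/account",
    "https://mybank.example.account-update.test/login",
    "https://www.mybank.example@203.0.113.7/update",
    "http://xn--mybnk-example.test/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", link_warnings(sample, "mybank.example") or "host matches")
```

A clean result only means the link points at the company's domain; calling the company remains the stronger check.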

Like any mecca of commerce, information, and humanity, the Internet has its dangers and its treacheries. However, the potential for success online is almost unquantifiable. A little due diligence goes a long way in these circumstances. As long as those of us who use this incomparable tool protect our interests and strive for the best the Internet has to offer, the imposters will not win out. PSP

Ryan Miller is the president of Etna Interactive, a Web-marketing consultancy that serves elective health care providers nationwide. He can be reached at the company’s Web site, www.etnainteractive.com.