Why Scammers Love Dental Practices—and What Every Dentist and Team Member Needs to Know
By Duane “The Toothcop” Tinker
A Hat Tip to a Trusted Friend
A few weeks ago, my friend and colleague, healthcare attorney Jeanine Lehman, published an excellent article warning dental practices about several scams that continue to target dentists and their teams.
Jeanine highlighted scams involving fake jury-duty notices, toner sales, directory listings, and other schemes that have victimized healthcare offices for years.
Her article got me thinking.
Because while those scams are still very real, they’re only part of the story.
Over the years, I’ve seen dental practices targeted by fake regulators, fake vendors, fake IT companies, fake insurance representatives, fake government agencies, fake patients, and cybercriminals halfway around the world.
The technology is getting better.
The scams are getting smarter.
And unfortunately, many dental teams are still unprepared.
Here’s the uncomfortable truth:
• Scammers don’t target dental offices because they’re easy targets.
• They target dental offices because they’re busy.
• Phones are ringing.
• Patients are checking in.
• Insurance companies are calling.
• Treatment is happening.
• The doctor is running behind.
• And scammers know exactly how to exploit distraction.
Let’s talk about some of the scams every dental office should have on its radar.
And more importantly, how to keep your team from becoming the next victim.
The Dental Board Call That Almost Worked
Recently, one of my clients received a phone call that appeared to come from a state dental board representative (caller ID).
The caller identified himself by name.
Provided a title.
Referenced the dentist’s license status.
Provided a case number.
And even provided what proved to be an actual telephone number associated with the Dental Board.
At first glance, everything looked legitimate.
In fact, most dentists probably would have continued the conversation without hesitation.
The caller sounded professional.
Calm.
Knowledgeable.
He wasn’t demanding gift cards.
He wasn’t threatening arrest.
He wasn’t acting like the stereotypical scammer we’ve all been trained to spot.
But something didn’t feel right.
And that’s exactly why this story matters.
Because modern scams rarely succeed by being ridiculous.
They succeed by being believable.
The caller had checked enough boxes to create confidence.
But not enough boxes to establish authenticity.
Fortunately, my client paused and started asking herself a different question.
Not:
“Does this sound official?”
But:
“Does this sound like the way the Dental Board would actually handle this?”
And that’s when things started to fall apart.
I’ve been gone from the Board for quite some time, but I still remember how things work. I did the job and there is a certain way they do things.
Trust the Process, Not the Caller
One of the most important lessons I’ve learned in compliance is this:
Regulators have processes.
Whether you’re dealing with:
• A State Dental Board
• Medicaid
• OSHA
• DEA
• HHS Office for Civil Rights
• An insurance carrier
• Or your local police department
These organizations generally operate through established procedures.
Investigations have processes.
Complaints have processes.
Audits have processes.
Disciplinary actions have processes.
Formal requests have processes.
That’s why one of the smartest questions you can ask yourself during any unexpected call is:
“Does this match the agency’s normal process?”
Notice that’s different from asking:
“Does this sound legitimate?”
Because scammers can sound legitimate.
Caller ID can be spoofed.
Phone numbers can be copied.
Public records can be searched.
License information can often be found online.
A scammer doesn’t need to know everything.
They only need to know enough.
Enough to get you worried.
Enough to get you talking.
Enough to get you acting before you start thinking.
The dentist in this story avoided becoming a victim because she trusted the process, not the pressure.
That’s a lesson worth remembering.
The Jury Duty Scam Is Alive and Well
Jeanine’s article discussed the Travis County jury-duty scam, and similar versions continue to appear throughout Texas and across the country.
The caller claims to be:
• A deputy sheriff
• A court clerk
• A judge’s office
• A federal agent
They tell you:
• You missed jury duty
• A warrant has been issued
• You must pay immediately
• You must remain on the phone
Sometimes the caller ID even displays a legitimate government phone number.
That’s because scammers can spoof phone numbers.
The giveaway?
Urgency.
The moment someone demands immediate payment through gift cards, cryptocurrency, wire transfers, or prepaid cards, the conversation should be over.
Hang up.
Verify independently.
Call the court directly using a publicly listed number.
And if you’re unsure, call your attorney right away!
The Toner Scam Refuses to Die
You’d think this scam would have disappeared years ago.
It hasn’t.
A caller contacts the office asking for the make and model of your copier or printer.
The conversation sounds routine.
Professional.
Harmless.
A few days later, toner arrives that nobody ordered.
Then comes the invoice.
Usually overpriced.
Often accompanied by aggressive collection attempts.
The scam succeeds because someone assumes:
“Well, it arrived, so somebody must have ordered it.”
Never make that assumption.
The Directory Listing Scam
Jeanine highlighted another classic scam that continues to evolve.
The scammer calls and asks seemingly innocent questions.
“Are you the office manager?”
“Are you open on Tuesdays?”
“Do you accept credit cards?”
The goal isn’t the answer.
The goal is recording your voice.
Later, the office receives an invoice for advertising that nobody authorized.
When challenged, the scammer may produce a manipulated recording that appears to show someone approving the purchase.
It’s deceptive.
It’s fraudulent.
And it still works.
The DEA, FBI, and Law Enforcement Scam
This one terrifies healthcare professionals.
The caller claims to represent:
• DEA
• FBI
• State investigators
• IRS
• Attorney General
• Local law enforcement
When I was a state investigator, I called on dental offices all the time, but I had the Riz and the proof to unlock doors that needed unlocking.
I won’t share my secrets here.
No reason to educate scammers.
Over the years, though, I have had clients receive legit calls from the DEA (talk about pucker factor), OCR, the FBI and yes – even the dental board.
I have heard THEIR frustration, as they, too, have to contend with healthcare providers they have business with that they are the real deal.
In case you are wrong about a scam caller (and they turn out to be legit) don’t be unprofessional, even if you believe the caller is a scammer.
There’s nothing like poking a bear and winding up with two neanderthal-looking DEA Diversion Investigators with their DEA raid jackets on at your front desk. Wink!
This sort of thing tends to frighten patients and prompt rumors among your neighboring dental offices.
Anyway, back to the scammers.
Here’s the scary part:
• They often know things.
• Your license number.
• Your practice address.
• Your NPI.
• all of which can be found on the Internet.
Then comes the accusation.
Improper prescribing.
Controlled substance violations.
Drug Diversion.
An active investigation.
And then comes the pressure.
“You must act immediately.”
You panic because you remember that one prescription you wrote to (friend, family, employee) that was not exactly ‘above board’.
Oh Sr*#!
Your knees buckle at the thought.
Remember:
Real government agencies do not resolve investigations through gift cards, wire transfers, cryptocurrency, or prepaid debit cards.
Ever.
But taxes… don’t even get me started on taxes!
The Credentialing Scam
This one should concern every dentist.
Someone claims to be:
• Medicaid
• CMS
• An insurance carrier
• A credentialing company (you did not hire)
• A provider enrollment specialist (you did not initiate contact with)
Then they request:
• NPI information
• CAQH information
• EFT information
• Banking information
• Credit card information
• Login credentials
Think about what they’re asking for.
That’s enough information to create massive problems.
Always verify independently before providing credentialing or banking information.
Always.
The Cybersecurity Scam
This is one of the fastest-growing threats facing healthcare.
Someone calls claiming:
• Your Microsoft account is compromised
• Your Gmail has been hacked
• Your patient data has been stolen/encrypted
• Your HIPAA compliance has failed
• Your network is infected
Then they ask for:
• Passwords
• Security codes
• Remote access
• Multi-factor authentication credentials
And suddenly, if you’re not paying attention, you’ve handed over the keys to the kingdom.
Including patient information.
Including financial information.
Including potentially thousands of records.
Now you’re not just dealing with a scam.
You may be dealing with a HIPAA breach.
Don’t hide from it.
Get in front of it, quickly.
Call your Toothcop, your attorney, your insurance agent, your I.T. company – right away
The Fake Patient Scam
Not every caller is actually a patient.
Some are gathering information.
A “new patient” calls.
They’re friendly.
Professional.
Seemingly normal.
But they ask a lot of questions.
Questions about:
• Refund policies
• Payment methods
• Insurance processing
• Electronic payments
• Credit card procedures
Train your team to recognize information gathering.
Not every caller is seeking treatment.
Some are seeking intelligence.
Teach your staff not to give out private information without your express permission.
The One Thing Every Scam Has in Common
Years ago, I received a call from someone claiming to represent a government agency.
They sounded convincing.
Professional.
Confident.
They knew enough information to make the conversation feel legitimate.
But then came the demand:
Immediate action.
No time to think.
No time to verify.
No time to call anyone.
That’s when I knew.
Because scammers thrive on urgency.
Urgency shuts down critical thinking.
The moment somebody says:
“You need to do this right now.”
That’s usually the moment you should slow down.
Not speed up.
The Four Questions Every Employee Should Ask
Before giving information.
Before clicking a link.
Before making a payment.
Before changing banking information.
Before responding.
Ask:
1. Who is this really?
2. How can I independently verify them?
3. Does this match the process I would expect from this organization?
4. Why are they creating urgency?
If those questions can’t be answered confidently…
Stop.
If you can’t think of what to say just hang up.
Remember, you ALWAYS have the right to remain silent.
Sometimes you just should.
Buy yourself time to reason through a plan.
What To Do If Your Practice Becomes a Victim
If your office falls victim to a scam:
• Notify leadership immediately
• Preserve evidence
• Contact legal counsel
• Contact your bank if financial information was involved
• Contact law enforcement when appropriate
o Report cybercrimes to the FBI Cyber Crimes unit (they have a website)
• Contact your I.T. company
• Contact your cyber-liability carrier if systems were affected
• Assess whether patient information may have been compromised
If protected health information was involved, HIPAA breach-notification obligations may apply.
Don’t guess.
Get professional guidance immediately.
The Toothcop’s Take
Here’s what I tell every dental team I train.
Most scams don’t succeed because criminals are brilliant.
Most scams succeed because good people are busy.
Dental offices are chaotic places.
Patients are waiting.
Phones are ringing.
Treatment is happening.
And scammers know it.
They’re not targeting stupidity.
They’re targeting distraction.
One of the smartest dentists I know recently avoided becoming a victim of a sophisticated scam.
The caller knew license information.
Sounded professional.
Provided what appeared to be a legitimate Board phone number.
What saved her wasn’t technology.
It wasn’t luck.
It was understanding that regulators have processes.
When the process didn’t make sense, she slowed down and verified.
That’s exactly what I hope you and your team will do.
Train your team.
Verify independently.
Slow down when somebody creates urgency.
And remember:
Trust the process, not the pressure.
I’d much rather see you spend five minutes verifying a legitimate request than spend five months cleaning up a scam.
Special Thanks
Special thanks to my friend and colleague, Jeanine Lehman, for her original article on dental-office scams and for allowing me to expand on this important topic.
Go read Jeanine’s original article at Jeanine.com
Jeanine Lehman is a Round Rock, Texas attorney with a statewide practice, including dental, medical, health, business, and real-estate law.
Website: www.Jeanine.com
Phone: (512) 918-3435
Email: Jeanine@Jeanine.com
This article (none of my articles) is not legal advice.
’til next time, remember to always tell the Tooth, the whole Tooth, and nothing but the Tooth!
— Duane “The Toothcop” Tinker