
Email Safety | 5 Ways to Spot a “Phishy” Email
Quick Tips & Best Practices
We rely on email for many functions of business today. This makes it an excellent tool for bad actors to exploit. Email is one of the quickest and easiest opportunities threat actors have at their disposal.
Threat actors have gotten good at using our busy days and frequent use of email to trick users into providing information, making mistakes, or taking actions. That may look like tricking an Accounts Payable employee into wiring payments to a different account number or getting a user to enter login credentials by pretending to be a well-known company and sending a fake “response required”, “unusual activity”, or “update account details” email.
In the busy day-to-day, here are a couple of tips to keep in mind for practicing email safety both in your work and personal life so you don’t fall victim to these manipulation tactics.
5 Signs an Email Is Suspicious
Bad actors find success when their targets are busy, hurried, and accept things at face value. When you get a suspicious email, PAUSE and check to see if any of these signs are present:
| Letter | Sign | What to check |
| --- | --- | --- |
| P | Passwords or sensitive info requested | Pay attention to what the email is asking you to provide (passwords, social security numbers, account information, credit card info, etc.). This information shouldn’t be shared via email. |
| A | Attachments you weren’t expecting | Don’t trust attachments you didn’t ask for, and avoid opening invoices, Word docs, and any other attachments that you didn’t request or weren’t expecting. |
| U | Urgency or intensity in the tone | Notice the tone: is the sender requesting secrecy, stating something is past due or urgent, and generally trying to make you react quickly? |
| S | Sender name & domain don’t match | Check if the sender’s display name and email address don’t match (name shows as John Smith, but the email is ra4azeu526@gmail.com) or if the email address domain is unfamiliar (usually from @company.com, but this email is coming from @business.com). |
| E | Errors in spelling & grammar | Pay attention to spelling and grammar mistakes, particularly in emails that claim to come from large, reputable companies. |
Best practices if you think an email is suspicious:
- HOVER, don’t click
  - Don’t blindly trust the display text. Use your cursor to hover over links; this shows the embedded link address and gives you more information. When in doubt, don’t click.
- DELETE, don’t engage
  - Err on the side of caution and delete the email from your inbox rather than unsubscribing or engaging with it at all.
- VERIFY, use a different method of communication to verify the source
  - Don’t respond to the email. Call, text, or chat with colleagues/vendors/executives to verify that email requests are from them.
- LEAVE, go directly to vendor websites instead of through the email
  - Open your browser and go directly to the company’s website to log in to any accounts, change passwords, etc. Don’t follow any links in the email to reset passwords.
When it comes to email safety, be extremely skeptical.
This is an area in which it’s good to be hesitant, exercise extreme caution, and be wary. Email is quick and convenient, but now more than ever it’s important to slow down, stay vigilant, verify often, and change up communication methods.
Are you a current client of CIO Solutions? Contact your vCIO or Customer Success Manager to continue the conversation around your IT security and anti-phishing education tools!
Not a client yet, but curious about maturing your IT solutions? Let’s talk!