Safe Email Practices for Employees and Organizations
Network security is everybody’s responsibility. Hackers keep adopting new measures in their attempts to infiltrate company networks. Spoofing emails so that they appear to come from inside your organization is now the preferred tactic of hackers.
Spoofing: imitating an email with the intent to hoax or trick a person into taking an action that exploits a network system vulnerability.
Tactics that manipulate users into clicking a link or downloading an infected file are becoming more and more common. When you, as a user, click on a link or download a file, it bypasses all the security measures a network has in place, because it was “user enabled”. Your lack of suspicion and your computer habits are now your network’s biggest threat.
Look for these Red Flags
Look at the return email address – if you click on the sender’s email address and it contains gibberish or phony characters, it is most likely a spoofing attempt.
Look for spelling and grammar mistakes – many of the phony hacker cells are from overseas and their English grammar is lacking. It is easy to find simple mistakes that call the sender’s origin into question.
Look for bogus graphics – do they look badly rendered, and do they contain errors?
Think about the objective and purpose of the email message – does it seem the message is pushy or asking questions that are out of the ordinary? Do you really need to verify your information by clicking the link they provide?
Prompted for a password change? – Your network administrator may have a policy that requires users to change their passwords on a regular basis; however, Microsoft will never contact you, the user, via email to change your password. Even though it looks 100% real, it is a spoofing attempt. If you have questions, please contact your IT Administrator before clicking on the link.
Password – Have a strong password with random letters, numbers, and special characters. Password generators are able to guess simple passwords very quickly. And don’t include publicly known information about you, i.e. phone number, kids’ names, home address information.
Use 2-Step Verification if available – Having a phone number or secondary email on your account to receive a code if you attempt to log in from an unknown browser or change a password is a sure way to prevent somebody from gaining unauthorized access to your account.
Go directly to the source – If you are being asked for something and cannot tell whether the request is phony or legit, go directly to that source. Do not click on links inside the email; rather, go to the website or call the person. If your bank is asking you to verify some information, open a new browser and go directly to your bank account. If it is legit, then the error message should be duplicated on the account. If not, call the bank to be 100% sure. The bank would rather tell you yes or no than have to change passwords and account numbers because you got tricked.
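For IT staff, the "look at the return email address" check above can also be run against a message's raw headers. The following is an added example, not part of the original article; the domain example.com, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: stands in for your organization's mail domain

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@mail-secure.example.net>
From: "helpdesk@example.com" <x7q9z@mail-secure.example.net>
Reply-To: reset@account-verify.example.org
Subject: Password expires today

Click the link to keep your password.
"""
LEGIT = """\
Return-Path: <alice@example.com>
From: Alice Admin <alice@example.com>
Subject: Maintenance window

The file server restarts at 18:00.
"""

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_red_flags(raw_message, org_domain=ORG_DOMAIN):
    """Return the reasons the sender headers of a raw message look spoofed."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    flags = []
    if not from_dom:
        return ["From header has no usable address"]
    # The name shown to the user claims the organization; the real address does not.
    if org_domain in display and from_dom != org_domain:
        flags.append(f"display name mentions {org_domain}, address is at {from_dom}")
    # Punycode or non-ASCII labels can hide lookalike characters.
    if not from_dom.isascii() or any(p.startswith("xn--") for p in from_dom.split(".")):
        flags.append(f"From domain {from_dom} contains encoded or non-ASCII characters")
    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != from_dom:
            flags.append(f"{header} domain {other} differs from From domain {from_dom}")
    return flags

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, sender_red_flags(raw))
```

Legitimate bulk mail and mailing lists often use a different Return-Path domain, so treat each flag as a prompt for a closer look rather than as proof of spoofing.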