How to Keep Your Organisation Email Safe
Since COVID-19, suspicious email activity, email-related cyber attacks and malware incidents have all increased significantly. From social engineering right through to everyday email scams, it's clear there are people out there trying to take advantage of individuals and businesses.
At Simple Biz we take security seriously and do everything we can to reduce risk by implementing security solutions. However, no matter how good the solution, individuals still tend to be the greatest source of security risk. It's not all their fault: the way phishing email is socially engineered these days makes it near impossible not to be caught out. We want to help you stay safe electronically, so we have prepared this quick guide to what to look out for in your inbox.
Our guide on safe email practices in the workplace
Here are 7 things you and your staff can look out for to keep your emails safe from hackers and stop email-related cyber attacks or malware from getting a foothold in the workplace.
1. Legitimate companies have registered domain names as their email
Don’t just check the name of the person sending you the email. Check that their email address is genuine by hovering your mouse over the ‘from’ address, and make sure no alterations (such as additional numbers or letters) have been made to the domain. Compare these two email addresses as an example of how an address can be altered:
email@example.com
firstname.lastname@example.org
Just remember, this isn’t a foolproof method. Some companies use unique or varied domains to send email, and some smaller companies use third-party email providers.
2. Legitimate companies usually call you by your name not some generic introduction
Phishing emails typically use generic salutations such as “Dear valued member,” “Dear account holder,” or “Dear customer.” If a company you deal with requires information about your account, the email would address you by name and would probably direct you to contact them by phone.
3. Legitimate companies don’t request your sensitive information via email
Chances are that if you receive an unsolicited email from an institution that provides a link or attachment and asks you to provide sensitive information, it’s a scam. The link or attachment is likely to be malware, because most legitimate companies will not send you an email asking you to verify your account passwords, credit card information, credit scores or tax numbers, nor will they send you a link from which you need to log in.
4. Legitimate companies know how to spell
Possibly the easiest way to tell a scam email from a safe one is bad grammar. An email from a legitimate organisation should be well written. Little-known fact: there’s actually a purpose behind the bad syntax. Hackers generally aren’t stupid. They prey on the uneducated, believing them to be less observant and thus easier targets.
5. Legitimate companies don’t send unsolicited attachments
Unsolicited emails that contain attachments reek of hackers. Typically, authentic institutions don’t randomly send you emails with attachments, but instead direct you to download documents or files on their own website.
Like the tips above, this method isn’t foolproof. Sometimes companies that already have your email will send you information, such as a white paper, that may require a download.
How to check suspicious email attachments for viruses or spyware
Be on the lookout for high-risk attachment file types, which include .exe, .scr and .zip. (When in doubt, contact the company directly using contact information obtained from their actual website.)
6. Legitimate companies’ links match legitimate URLs, not weird server addresses
Just because a link says it’s going to send you to one place doesn’t mean it will. Double-check URLs.
How to check whether an email link is safe
If the link in the text isn't identical to the URL displayed as the cursor hovers over the link, that's a sure sign you will be taken to a site you don’t want to visit. If a hyperlink’s URL doesn’t look right, or doesn’t match the context of the email, don’t trust it.
For extra safety, hover your mouse over embedded links (without clicking!) and make sure the link begins with https://.
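As an added example that is not part of the original guide, here is a small Python script that applies tips 5 and 6 mechanically: it parses an HTML email body, flags links that are not https or whose visible text names a different host than the real target, and flags attachments with the high-risk extensions listed above. The sample body and attachment names are constructed for illustration.

```python
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXTENSIONS = {".exe", ".scr", ".zip"}  # high-risk types named in tip 5


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_red_flags(html_body):
    """Tip 6: flag non-https links and visible URLs naming a different host than the href."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    flags = []
    for href, text in parser.anchors:
        target = urlparse(href)
        if target.scheme != "https":
            flags.append(f"non-https link: {href}")
        # Only compare hosts when the visible text itself looks like a URL.
        if re.match(r"^(https?://|www\.)", text, re.IGNORECASE):
            shown = urlparse(text if "://" in text else "http://" + text)
            if shown.hostname != target.hostname:
                flags.append(f"text shows {shown.hostname} but link goes to {target.hostname}")
    return flags


def attachment_red_flags(filenames):
    """Tip 5: return attachment names carrying a high-risk extension."""
    return [f for f in filenames if os.path.splitext(f.lower())[1] in RISKY_EXTENSIONS]


# Constructed sample input: the visible URL and the real href disagree.
SAMPLE_BODY = ('<p>Please <a href="http://secure-verify.example.net/login">'
               'https://www.example-bank.com</a> to confirm your account.</p>')
SAMPLE_ATTACHMENTS = ["statement.pdf", "Invoice.ZIP", "update.exe"]
```

Running `link_red_flags(SAMPLE_BODY)` and `attachment_red_flags(SAMPLE_ATTACHMENTS)` returns the list of red flags a mail filter or help-desk tool could surface to the recipient.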
7. Social Engineering Red Flags
Social engineering is the art of exploiting human psychology, rather than conventional hacking techniques, to gain access to your business, systems or data. For example, instead of trying to find a software vulnerability, a social engineer might pretend to be someone you know in order to trick an employee into divulging their password.
Social engineering example
The image in the original post is a good example of the red flags to look out for in social engineering emails; a PDF version was available for download there.
September 27, 2020