Spoofing. Phishing. Viruses. Extortion.
Email scams take many forms. Some get caught in your spam filter, while others sneak by and land in your inbox. But virtually all email scams have one thing in common: they are trying to trick you into giving away access or money.
Protect yourself by remaining cautious (and even skeptical!) when you receive emails asking for either of those two things—especially when the request is threatening or urgent.
[You Might Also Like: "Three Common Email Scams That Can Sneak Past Your Spam Filter"]
Here are ways to protect yourself at the personal level, as well as defenses to deploy at the organization level.
Personal Defense Against Email Scams
Don’t take the bait! Use these tips to carefully evaluate the emails you receive:
1. Read emails carefully. Corporate senders typically proofread their messages for grammar and spelling errors; emails from scammers often have typos.
2. Check the “from” email address to ensure there aren’t missing or added characters. Also check for character substitutions―for example, the number, “1,” replacing the lowercase letter, “l.”
3. Be aware of the word pattern and flow. If the email doesn’t sound like it’s from your boss, it may not be from your boss.
4. Hover over links before clicking. Does the web address that appears match the text?
5. Pick up the phone and confirm requests for money with the supposed requester in real life.
6. Never enter your login information by following a link from an email. If you think the request is legitimate, close the email, and open the website in a separate browser window.
7. Report any suspicious messages to your IT provider. If you accidentally fall victim to an attack, the faster your IT provider responds, the better the outcome. And if you received a suspicious message, it’s likely someone else in your organization did, too.
Defend Against Email Scams at the Company Level
Don’t leave your employees to the phishes. No matter the size of your organization, there are steps you can take to defend against cyber threats. Prosource partners with organizations large and small to develop strategic security investments. Here are some strategies we deploy with our clients:
1. Back up your email accounts. When we all had our company email accounts hosted on our own servers, it was a given that we would back those servers up. Since the movement of company email accounts to cloud providers, many companies have stopped having an independent backup of their email accounts. Remember: email can be infected with malware, accidentally deleted, or maliciously deleted. Don’t leave yourself vulnerable to data loss.
2. Train your employees. We believe every employee in the company should receive regular training on cyber security and provide our clients with customized training solutions specific to their networks and needs.
3. After training, reinforce what employees have learned with testing. We include phishing simulations with our CompleteIT packages because research shows that if a user clicks one malicious email, they are likely to click another. Identifying those employees and providing them with further training improves your organization’s defenses.
4. Use email filtering. While these services aren’t infallible, they significantly reduce the amount of malicious email that makes it to your employees.
5. Evaluate email archiving. Email security isn’t only about malicious emails and spam. Email archiving protects you from unintended and malicious deletions. If you are in a regulated industry, email archiving allows you to meet regulatory requirements in addition to securing your communication history.
6. Encrypt sensitive material in your outgoing email. Many of our clients require the ability to send sensitive information without the risk of it being intercepted and read in transit.
An End-to-End Approach to Email Security
Email security starts with the company. Investing in smart tools to protect and train your employees will increase your productivity and reduce your organizational risk.
Email security ends with the individual recipient. Even with tools and safety measures deployed to protect you, you are still responsible for defense on the front line as you make daily decisions about what to open, click, and respond to. Make sure you are educated, aware, and actively engaged in staying safe online.
At Prosource, we believe your organization’s security is only as strong as its weakest link, so for National Cyber Security Awareness Month, we're taking a more personal approach to awareness. Every week throughout October, we'll send an email with cyber security tips and insights to help you stay protected against cyber threats. Not yet a subscriber? Sign up here.