Email Safety Tips – A Must Read for Every Employee

Email is the #1 Threat

Hi, this is Andy Gritzer with MePush.  I just wanted to send out an email to assist with email safety.

Unfortunately, email has become the biggest concern regarding virus related incidents.  While there are measures in place to catch most viruses (spam filters and antivirus) the easiest way to prevent them is through proper handling of spam/malicious email.

I will assume that most of you receive spam email.  Spam filters will catch about 99% of spam that flows to your organization.  It’s the ones that get through that we need to worry about.  Below are some tips on how to avoid compromising your accounts, your computer, and your company’s network.  Really, all it comes down to is being aware and diligent.

Example of an organization’s spam filter statistics is in the below picture

NOTE:  I will use the terms “spoofing” and “phishing”.  Spoofing is a fraudulent practice in which an unknown source sends communication disguised as a known source.  Phishing is when an unknown source attempts to acquire information such as account credentials or credit card information.

Just because it says it’s from John Smith does NOT mean it is from John Smith.  You may receive an odd email from someone you have constant contact with.  Remember to look at the email address it is from and NOT just the name.  It might show John’s return address as “[email protected]” (just an example) when the reality his email address is [email protected].

That being said we are at the point where there are a lot of spam/fake/phishing emails being sent via “spoofed” addresses.  The name AND email address will look proper.  It will say it is from John Smith with an email address of [email protected].  But when you hit reply it goes to another account completely.  Anyone can spoof anyone.  Which makes it very difficult to determine what is legitimate or not.  Also, check to make sure the signature (if there is one) matches the sender.

I am not trying to scare you; just please assume anything that comes in with a link or attachment is NOT legitimate.  Make sure you cover your bases when opening attachments from known senders and especially UNKNOWN senders.

Were you expecting [email protected] to send you a document?  Does the document pertain to something you do at your workplace or a shared interest?  If not, do NOT open it.  Contact the sender and inquire about it to make sure before opening.  A lot of times the sender or the sender’s organization was compromised at one point and you might just be receiving spoofed emails.

You receive an email from Microsoft, Google, DocuSign, etc. asking you for your account credentials. These can look very legitimate.  No self-respecting company would every ask you provide your login credentials to them.  They have them already.  A dead giveaway is if you happen to click on the link and it takes you to a landing page asking to select what type of account (Microsoft, yahoo, google, adobe) and to enter your email address and password.  Also, ask yourself, do I even have an Office 365 account?  If not, then chances are it’s a scam/phishing email.

 

If you oversee finances never make a requested wire transfer or open a random invoice.  These phishing experts target specific people/positions within companies.  They will get the name of the CEO, send an email that looks like it is from the CEO to the CFO requesting a money transfer.  Please check the language of the email.  If it sounds generic, chances are it isn’t valid.  We have had clients do this at great financial loss.

Happy to help.

So please just keep this in mind when opening email.  Email has generally been the part of our jobs/home that takes very little effort.  You never really had to pay much attention when looking at your email.  Email was just, email.  Unfortunately, now we need to be very careful.  So, if something seems a little odd, chances are it might be.

I hope these tips were helpful!

Thank you, Andrew Gritzer