Email Security – 5 Easy Ways to Protect Yourself and Your Business
Email Security – or how I learned to love my email again…
Email scams are on the rise – still. They have been on a steady increase for years and there is no evidence of that threat abating any time soon. And while none of this is earth-shattering news for anyone, it is getting tougher to spot the fraudulent hooks all the time.
Here are some tips for better email security to help you stay safe.
Check out the return email address.
One of the easier ways to spot a scam is to simply examine the email address of the sender. The simple scammer will invariably use Hotmail, Yahoo or Gmail. So for example, you might get an email from RBC@gmail.com. Now, we all know that the Royal Bank has their own domain name; they certainly don’t conduct business using a Gmail account so that one should be pretty easy to spot with a cursory look at the sender’s email addy.
Another popular trick is to change/add/drop a letter in the domain name, giving you something like an address at royallbank.com (note the double L’s). A little tougher to spot, but since you are ultimately responsible for your own email security, you (yes, you) need to pay attention.
Perhaps the simplest way to determine the source of the email is to do a search on the domain name. In the example above, a quick query on royallbank.com gives you a bogus-looking page offering a multitude of sources for payday loans.
Beware the hyperlink.
Scammers rely on you to click on hyperlinks in their emails and use a common cloaking technique to disguise the true destination of the link. And in many cases, the emails look very real, using company colours and a handful of bona fide links thrown in for good measure. For example, a hyperlink in an email may say “Please visit royalbank.com/security to change your password” but when you click on it you end up in the bad part of town long after nightfall (don’t worry, the illustrative link here only takes you to Google). Meanwhile the rest of the links in the email are very real. How not to get duped? Hover over the link for a moment and the true destination will reveal itself. Then do the simple checks illustrated above before you blindly leap into the abyss.
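The sender check and the hover check described above can also be done mechanically. The following is an added example, not code from the original post; the `BRANDS` table, the function names and the sample values are assumptions constructed for illustration.

```python
import re
from difflib import get_close_matches
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands you deal with, keyed by their real domain.
BRANDS = {"royalbank.com": ("rbc", "royal bank")}
# Constructed samples modelled on the examples in the text.
SAMPLE_FROM = "RBC Security <RBC@gmail.com>"
SAMPLE_HTML = '<a href="https://www.google.com/">Please visit royalbank.com/security</a>'

def sender_warning(from_header):
    """Return a warning string for a suspicious From header, else None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in BRANDS:
        return None
    close = get_close_matches(domain, list(BRANDS), n=1, cutoff=0.85)
    if close:  # one letter changed, added or dropped
        return f"{domain} is a lookalike of {close[0]}"
    for real, names in BRANDS.items():
        if any(n in from_header.lower() for n in names):
            return f"claims {real} but was sent from {domain}"
    return None

class Anchors(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.found = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href:
            self.found.append((self.text, self.href))
            self.href = None

def cloaked_links(html):
    """List (domain shown in the link text, domain the link really opens)."""
    parser, hits = Anchors(), []
    parser.feed(html)
    for text, href in parser.found:
        if urlparse(href).scheme not in ("http", "https"):
            continue
        shown = re.search(r"(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", text.lower())
        real = re.sub(r"^www\.", "", urlparse(href).hostname or "")
        if shown and shown.group(1) != real:
            hits.append((shown.group(1), real))
    return hits
```

Links whose visible text names no domain (for example “Click here”) are not flagged by this check, so the hover test still applies to them.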
Spend a moment to read the email carefully.
Many (not all, but many) email threats were originally crafted in countries where English is not the first language, and oftentimes that shows up as a distinct clue that all is not as it should be: “Click here to make good password for secure” is probably going to be anything but “good password for secure”. Highly regarded institutions are uber-restrictive on their corporate emails (especially the auto-generated variety) and one of the things they don’t tolerate is bad Engrish.
Enter your password here.
Or send me money, or update your Visa profile, or click here to download a very important security update, or… Everybody knows that banks don’t ask you for passwords or PIN codes, and Microsoft doesn’t send out links to downloads, right? And everyone also knows that FedEx doesn’t send out invoices in a zip file, right? No? Well, now you do. This is the biggest red flag of the bunch and yet we still do a half-dozen mop-up jobs a year because someone had to see their updated IRS documents sent to them in a zip file. That’s right – an IRS document – sent to a Canadian citizen with no ties to the US gets clicked and the network grinds to a halt. There really is a sucker born every minute and the spammers and scammers know it all too well. Just don’t do it – if it walks like a duck and it talks like a duck, it’s a duck.
Pick up the phone.
Many nefarious emails have phone numbers in them to make them seem more legit. Not sure? Call the number. If it’s real and someone from the Royal Bank answers, tell them about the email you got. They’ll tell you if it’s above board – they have a reputation to protect. And if it’s fake, you just spent all of 16.3 seconds of your life safeguarding your future; pretty good ROI, I’d say.
I know all of these suggestions fall into the realm of common sense. But as my Pop would say: “Common sense is about as common as common courtesy”. So as I always say: “When in doubt, parachute out!”
Got questions about email security for your business network? We’ve got answers so contact us today!