Keep Your Inbox Safe with these Email Security Tips
Published: 1/04/21 (Mon)
Written by NDIRF CIO Vance Krebs
As the frequency and sophistication of cyber attacks grow, it’s important your employees understand some simple things they can do to help protect your entity from an email cyber attack:
TAKE 5-10 SECONDS TO VERIFY THE SENDER’S EMAIL ADDRESS AND DOMAIN NAME BEFORE YOU READ, RESPOND, OR ENGAGE (I.E. CLICK ON A LINK OR OPEN AN EMAIL ATTACHMENT) WITH AN EMAIL.
It’s easy for hackers to create email addresses and domain names that appear legitimate. For example, in under five minutes, a hacker could create a fake Vance.Krebs email address and @ndrif.com domain name. Did you catch the subtle difference between the fake domain name and the legitimate domain name, ndirf.com? Reversing the order of the “r” and “i” is hardly noticeable, so be mindful when reviewing email addresses and domain names.
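For IT staff who want to automate this check at the mail gateway, the following added example (not part of the original article) flags sender domains that are one edit or one adjacent-letter swap away from a trusted domain, and also flags mail that claims to come from the recipient's own address. The allow-list, function names, verdict strings, and sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation's own allow-list of legitimate sender domains.
TRUSTED_DOMAINS = {"ndirf.com"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours, e.g. "ri" vs "ir"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_sender(from_header: str, recipient: str, max_distance: int = 1) -> str:
    """Classify the From header of a message delivered to `recipient`."""
    addr = parseaddr(from_header)[1].lower()
    _local, at, domain = addr.rpartition("@")
    if not at or not domain:
        return "unparseable"
    if addr == recipient.lower():
        return "self-addressed"      # mail that appears to come from yourself
    if domain in TRUSTED_DOMAINS:
        return "trusted-domain"
    for trusted in sorted(TRUSTED_DOMAINS):
        if osa_distance(domain, trusted) <= max_distance:
            return f"lookalike-of:{trusted}"
    return "unknown-domain"

if __name__ == "__main__":
    # Constructed sample headers; the recipient address is hypothetical.
    samples = [
        '"Vance Krebs" <Vance.Krebs@ndrif.com>',
        "Vance.Krebs@ndirf.com",
        "clerk@example.org",
    ]
    for header in samples:
        print(header, "->", check_sender(header, "clerk@example.org"))
```

A "trusted-domain" verdict only means the header names that domain; whether the message really came from it depends on SPF, DKIM, and DMARC results, which this sketch does not evaluate.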
DELETE EMAILS RECEIVED FROM YOUR OWN EMAIL ADDRESS.
Unless you sent yourself an email, don’t read, respond, or engage with emails received from your own email address. The latest email phishing trend is hackers using an individual’s email address and posing as Microsoft, asking recipients to click on a link to increase their Outlook mailbox storage size.
LOOK FOR STYLE INCONSISTENCIES, AND SPELLING AND GRAMMATICAL ERRORS.
If an email doesn’t feel right, it’s probably not. Style inconsistencies include strange capitalization, sentence structure, and even a different salutation (e.g., Hi, hello, greetings, etc.) than you would normally expect from a specific sender. Additionally, if the email is making an unusual request, call the sender to verify the request before taking any action. Unusual requests often include financial requests, such as asking for cash, wire transfers, and/or gift cards.
TAKE 5-10 SECONDS TO THINK, “WAS I EXPECTING THIS EMAIL?”
Especially if an email contains a link, attachment, or request for action, take a few seconds to think about whether you were expecting it, or call the sender to verify the legitimacy of the email. If you receive a suspicious email, your best course of action is to report it to your IT department and promptly delete it.
Your employees are your best first line of defense in helping to protect your network, so be sure they understand the importance of taking a few extra seconds to carefully review the email address, domain name, and email message content before they read, respond, or engage with an email. Remember, if an email doesn’t feel right, it’s probably not!
Computer Security Basics and Cybersecurity Threats to Public Entities are two courses offered through LocalGovU at no cost to your entity.