Email Safety Best Practices: How to Stay Safe From Email Scams
We all know that email scams are going around like crazy these days. Our goal is to keep you and your company safe.
There are a few simple techniques that will help with our security efforts.
In this article, we’ll cover:
- Creating a Secure Password
- How to Recognize and Avoid Phishing Scams
- And Steps to Prevent Fraudulent Payments
So, let's dive in.
Creating a Secure Password
Most of us don't think of passwords as powerful cybersecurity tools. But in reality, passwords are an easy, and extremely important, protection method.
Criminals use tools that can guess thousands of passwords per minute. So, short common words or phrases make guessing passwords way too easy.
Here are some general rules to follow for creating a secure password:
- Start by using at least an 8-character password. Longer isn’t necessarily better – complexity is key.
- If you can, try using a phrase, with spaces and punctuation. Something like, “I love chocolate ice cream!”
- Use both upper and lower-case letters, special characters, and numbers when creating a password.
- Never use passwords that contain easily guessed words like "password" or "LetMeIn."
- Avoid using "creative" ways to write the word 'password' such as replacing the A with the “at” symbol or the S with a dollar sign.
- Avoid things like birthdays, commonly used phrases, and things that identify you or your company – such as your company name.
How to Recognize and Avoid Phishing Scams
No matter how high your defenses, phishing emails can still land in your inbox. Your best shield is knowing what to look for and what to do when it happens.
Learning how to recognize phishing scams is a skill to use daily. We recommend visually scanning all emails for a few things before clicking attachments or links.
Here are some red flags to look for to spot fake emails:
Check the email address
Look for forged email addresses. In the Sent From line, hover your mouse over the email address. Does the address look real? Is everything spelled correctly? Is there anything skewed in the company name? Like replacing the O with a zero.
Scammers have gotten VERY good at replicating real companies, so double check the sender before you do anything.
Also, be on the lookout for unexpected emails from people you know. Again, scammers are very good at what they do. Pretending to be someone else is all a part of their game.
Check the subject line
Messages that contain threats to shut down your account, or ones that use words like “Urgent” to generate a false sense of importance, are usually scams. They’re using scare tactics to get you to act quickly and recklessly.
Check body of the email
The body of the email has the most tell-tale signs if you know what to look for. First look for poor writing or grammar. Scammers live all over the world and may not speak or read your language. They might be relying on a free translation service, which didn't get it quite right.
Requests for personal information is another sign. No respectable service, company, or provider would EVER ask for things like passwords, credit card numbers, or Social Security numbers over email.
Best Practices for Handling Email Attachments
Don't open attachments unless you're expecting them AND know who it's from.
If an email attachment is suspicious, contact our Support Desk or your IT team before you open it.
As a general rule, if you don't know the person who sent the attachment, don't open it. Delete the email immediately and let our Support Desk or your IT team know so we can be on the lookout.
Best Practices for Reviewing Email Links
Before clicking on any links, hover your mouse over them to see if the URL looks legitimate and is a trusted site.
If you still aren't sure, instead of clicking on links, open a new browser window and manually type in the address.
And lastly, as tempting as it may be, don't click the "Unsubscribe" link in a spam email. Clicking it only lets the spammer know your address is legitimate, which could lead to you receiving more spam.
Don't Agree to Run Programs or Enable Macros
Never allow macros or accept warnings to Word, Excel, or other attachments. These are applications that are trying to run, and there is no good reason to send them over email.
Never Reply or Send Personal information
I know it's tempting, especially when you know it's a scam, but don't reply. This is a forged email and will only send you further down the rabbit hole.
I’m sure it goes without saying, but I’m going to say it anyway – never give out your passwords, account numbers, credit/debit card information, social security number, medical information, or any other personal information via email.
Be cautious about where you enter your email address online. The internet is an awesome thing, but random websites shouldn’t be blindly trusted. Spammers scan unsecure websites sites often to collect email addresses.
Steps to Prevent Fraudulent Payments
Seems like everything can be done with a push of a button these days. Convenience is key, but it has also made us trustworthy - and a little lax at times about protecting ourselves.
A lot of billing-related communication is done via email, so scammers use this to their advantage. Their goal is usually to get you to send them money - and as already mentioned, they’ve gotten pretty good at impersonating people and organizations you trust.
They’ve even been known to impersonate a client or vendor and request payments on their behalf online or over email. I know it sounds like a classic “it won’t happen to me” situation, but smart people are being tricked into paying millions of dollars to scams like these.
The good news is, there are ways to defend yourself from these kind of attacks.
Basic Guidelines for Preventing Fraudulent Payments:
As I mentioned before, don’t send personal information in an email message. Reputable businesses will never ask for sensitive information via email.
Create an approval process for payments; one that requires approval from at least two people. For example, have a manager and an accountant review the payment before it’s made. Or put a payment approval submission process in place. If payment is by check, it’s good to have a rule stating that if the check is over a certain dollar amount, then if requires two or more signatures.
This ensures that all t’s are crossed and i’s are dotted.
Lastly, most attacks will appear to come from long-time customers, partners, or vendors. Don’t ever break protocol, even if you know the person or company well. If something is weird about a payment request from a vendor you’re familiar with, call the vendor directly – and use the phone number you’ve used in the past with them. Not the number that may be located on the invoice or payment request in question. This includes not accepting account changes via email. Things like: changes in their address, account number, or payment information.
Keep in mind that email can be intercepted between leaving your inbox and its destination. So, applying the above rules to the emails you send and receive is very important.
And last, but not least, be sure to log out or lock your workstation when you step away from it.
So, there you have it. Email safety, while tedious at times, will go a long way to protecting you and your company’s information from scams, viruses, and hackers.
If you have any questions, feel free to contact us any time.