Received a suspicious email? Ask yourself these 3 questions before you click

We know how easy it is to get caught out by scam emails. You may be hurriedly reading through your messages, you may be worried about what will happen if the message turns out to be legitimate and you’ve ignored it, or you may have simply fallen victim to a flawless imitation.

But no matter how understandable your reason is, you have still made a critical mistake. So what can you do to avoid that fate?

The solution, as we explain in this blog, is to ask yourself these three questions.

1. Am I expecting this email?

The first thing that should raise your suspicions is if the message is unsolicited and unexpected.

For example, it may be a message from eBay telling you that you need to change your password for security reasons.

You do get legitimate messages like this occasionally, but they are rare enough that you should consider it unusual.

Likewise, any email from someone you’ve not corresponded with before should automatically be met with caution.

It may well be genuine, but you should only reach that conclusion once you’ve taken a close look at the message. That means you shouldn’t respond or follow any links until you’ve read through it and asked whether it makes sense in context.

That brings us to our second question.

2. Does the email contain an unusual request?

Scam emails can be dressed up in all sorts of ways, but one thing they have in common is that they request that you do something – typically that’s following a link or downloading an attachment.

This is the whole reason scammers send these messages. The links ask you to provide login credentials and/or payment details, which the attackers can then capture, while attachments usually contain malware, which can siphon off information from your device.

Any email that asks you to do one of these things should be considered suspicious. Even if it’s addressed from a trusted source, you should be careful. Remember, scammers can imitate or even hijack people’s email accounts.

To protect yourself, you should ask whether this is a normal request. If it isn’t, does it seem reasonable?

If you’re in any doubt, you should move on to the final question.

3. How can I confirm whether this is genuine?

If you’ve got to this point, you can be sure that something is amiss – and you won’t find the answer in the email.

That’s why you should contact whoever sent the message using another form of communication. For example, if the sender is seemingly a colleague, you should give them a call or drop them an instant message.

You may feel uncomfortable doing this, particularly if the request seems urgent or comes from a senior employee, but it’s always better to be safe than sorry.

For emails from organisations – such as our earlier example about eBay requesting that you change your password – you should visit the organisation’s website manually by typing the address into your browser rather than following the link. If the message is legitimate, you will find the same notification there.
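The three questions above are a manual procedure, but the second and third can be partly mechanised. The following is an added example, not code from the original post: a small Python triage helper that lists every attachment and every link in a message and reports the host each link really points to, so the reader can compare it with the address they would type in by hand. It goes one step beyond the post by also flagging a link whose visible text names one host while the href points somewhere else, a common way of disguising a link. The sample message, sender addresses and hostnames (on the reserved .test domain) are constructed for this example.

```python
# Added example (not from the original blog post): triage helper for question 2,
# "does the email contain an unusual request?". Reports attachments and links,
# including links whose visible text does not match their real destination.
# The sample message below is constructed; its hosts use the reserved .test domain.
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Return the lower-cased hostname of a URL or of a bare hostname such as www.ebay.com."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def triage(raw_message):
    """Return a list of findings describing what the message asks the reader to do."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    # Every attachment is a request to download something.
    for part in msg.iter_attachments():
        findings.append(f"attachment: {part.get_filename()}")
    # Prefer the HTML body: that is where link text can differ from the real target.
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            real = _host(href)
            shown = _host(text) if "." in text else ""
            if shown and shown != real:
                findings.append(f"link text shows {shown} but points to {real}")
            else:
                findings.append(f"link to {real}")
    return findings


def build_sample():
    """Constructed sample: a 'change your password' message with a disguised link and an attachment."""
    msg = EmailMessage()
    msg["From"] = "security@example.test"   # constructed sender
    msg["To"] = "you@example.test"          # constructed recipient
    msg["Subject"] = "Change your password"
    msg.set_content("Please visit www.ebay.com to change your password.")
    msg.add_alternative(
        '<p>Please visit <a href="http://account-reset.example.test/login">'
        "www.ebay.com</a> to change your password.</p>",
        subtype="html",
    )
    msg.add_attachment(b"not a real document", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf")
    return msg.as_string()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Run against a saved .eml file by passing its contents to triage(); each finding is a request the message makes, and the reported host is what you should compare against the address you type into the browser yourself.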

Raise cybersecurity awareness

Phishing attacks take advantage of untrained and unaware employees: it takes a single click on a malicious link to jeopardise your entire network.

We know that training your entire workforce can be costly and time-consuming. E-learning training courses are an affordable and engaging way to train your staff.

Our Phishing Staff Awareness e-learning course is a good option for raising staff awareness of phishing attacks.

Your staff will learn dozens of useful tips on how to recognise a phishing email, helping you protect your organisation from cyber risks and data breaches.


A version of this blog was originally published on 4 August 2016.