So far in our deep dive into email safety, we’ve covered scammer goals, uncovering the true sender, and how expectedness vs. unexpectedness plays into the bigger picture. Today, we’ll discuss the request itself. What does the sender want from us?

Say you receive an email from your boss: an urgent request for your department’s W-2s. You check the email address and it is definitely her work account. It’s close to tax time, but there was no prior discussion about it, so you’re skeptical. However, there are no links or attachments, so you can feel safe, right? Not yet.

Requests for Valuable Information

Here is where the next step of Email Safety evaluation comes in: does the request involve valuable information? Let’s first define “valuable.” Valuable information is that which when lost, stolen, or accidentally divulged will cause financial loss, identity theft, loss of competitive advantage, or even blackmail.

Here are some data that would be considered valuable.

• Date of birth
• Social security number
• Wire transfers
• Personal or intimate photos
• Fingerprints
• Financial data – credit or debit card numbers, bank account numbers, sales reports
• Health information – insurance or medical records
• Student or customer records

Let’s go back to your boss’s request. What highly valuable information is contained in a W-2? You’ve got it- social security numbers. Tax thieves are looking to steal refunds through online phishing scams, and if you receive an email like this, it is almost certainly a scam.

Other Requests

Not every request involving valuable information will ask that you actually send or give out information, but other requests can be just as damaging. Last year, a City of Griffin finance department employee received an email appearing to come from their water treatment vendor with an “account update” request. The email gave a new routing number for payments, and the finance employee made the update without in-person or phone verification. The email turned out to be a phishing scam and over $800K was wired to scammer.

Verify Before You Supply

Anytime you receive a request for valuable information, DO NOT proceed with the request without in-person or phone verification. What do we mean by verification? More on that next in our Email Safety Series.