Email Safety Series: Recap

We’ve covered the key aspects of email safety in our Email Safety Series: scammer goals, identifying the true sender, expected vs. unexpected email, determining if sensitive information is involved, and independent verification. Today, let’s take a single email through each of these steps.

Here’s what arrived in your inbox this morning:

EmailSafetySeriespt6

Scammer Goals

Phishing is a scam that involves the impersonation of someone you know or trust, a company or brand, or an authority figure. Scammers have these goals in mind when they create and blast out the scam:

  • Pry valuable information from you
  • Infect your computer
  • Steal your money

Identifying the Sender

Let’s take a closer look at this email. Who sent it?

EmailSafetySeriespt6sender

The name says it’s from Payroll – that means it’s safe, right? Not necessarily (or even likely). The email address is payroll-notice(at)county-gov-info(dot)com. That’s not your work email domain. Our first red flag is up!

Expected vs. Unexpected

Is this the first time you’ve heard of the payroll vendor changing? Did your boss let you know? Has it been mentioned in any meetings or other emails? Remember, unexpected emails are, by definition, high risk. If there has been no other context for the update, this request continues to look suspicious. Time to pause and inspect further.

What’s the Request?

What does this email want you to do? Does it involve any valuable information?

EmailSafetySeriespt6request

The link says “Update Account Information.” Following through on this request would bring you to an unknown website, where you will likely be asked to input your login credentials. You may also be asked to share your bank account and routing numbers. This request definitely involves valuable information.

Verification

So far, this email contains a suspicious sender and an unexpected request for valuable information. Have you deleted it yet? If not, it’s time to verify. Remember, independent verification is key. Don’t respond to the email. Instead, look up a payroll contact in your company directory and give him a call to confirm the request. Once you do that, this email will end up in your Trash where it belongs!

Email safety reminders

 

The Bottom Line

Scammers are looking for people who click first, think later. They will use urgency or offer things that seem too good to be true to move people to act. But if you stay vigilant, and keep these Email Safety steps in the back of your mind, you can avoid 99% of phishing scams.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s