Email Safety Series: Recap
We’ve covered the key aspects of email safety in our Email Safety Series: scammer goals, identifying the true sender, expected vs. unexpected email, determining if sensitive information is involved, and independent verification. Today, let’s take a single email through each of these steps.
Here’s what arrived in your inbox this morning:
Phishing is a scam that involves the impersonation of someone you know or trust, a company or brand, or an authority figure. Scammers have these goals in mind when they create and blast out the scam:
- Pry valuable information from you
- Infect your computer
- Steal your money
Identifying the Sender
Let’s take a closer look at this email. Who sent it?
The name says it’s from Payroll – that means it’s safe, right? Not necessarily (or even likely). The email address is payroll-notice(at)county-gov-info(dot)com. That’s not your work email domain. Our first red flag is up!
Expected vs. Unexpected
Is this the first time you’ve heard of the payroll vendor changing? Did your boss let you know? Has it been mentioned in any meetings or other emails? Remember, unexpected emails are, by definition, high risk. If there has been no other context for the update, this request continues to look suspicious. Time to pause and inspect further.
What’s the Request?
What does this email want you to do? Does it involve any valuable information?
The link says “Update Account Information.” Following through on this request would bring you to an unknown website, where you will likely be asked to input your login credentials. You may also be asked to share your bank account and routing numbers. This request definitely involves valuable information.
So far, this email contains a suspicious sender and an unexpected request for valuable information. Have you deleted it yet? If not, it’s time to verify. Remember, independent verification is key. Don’t respond to the email. Instead, look up a payroll contact in your company directory and give him a call to confirm the request. Once you do that, this email will end up in your Trash where it belongs!
The Bottom Line
Scammers are looking for people who click first, think later. They will use urgency or offer things that seem too good to be true to move people to act. But if you stay vigilant, and keep these Email Safety steps in the back of your mind, you can avoid 99% of phishing scams.