
SECURITY TIPS


EMAIL SECURITY BEST PRACTICES – THE DO’S AND DON’T’S

 

DO

 

  • ALWAYS… check the email “from” field to validate the sender. This “from” address can be easily spoofed. Spoofing is simply a means of disguising an email to make it look like it was sent from someone you know and trust. You can validate the sender by hovering your mouse over the “from” name field, which will then show you the actual email address of the sender. If the email address doesn’t match the person or company that you believe sent the email, it’s likely a fraudulent email and should be marked as SPAM and deleted. Also, if the subject line or content in the body of an email makes you question why you received it, or why that particular individual sent it to you, then you should look more closely to confirm the sender before taking any action. It’s likely that person didn’t really send it to you.

  • ALWAYS… check for files with a “double extension”. Although a text file named “safe.txt” is safe, a file called “safe.txt.exe” is not. The key is to look closely at the file name and extension to see whether it’s being disguised as something safe. If you ever receive an email with an attachment that you were not expecting, you should look closely at the file name of the attachment before ever deciding to open it.

  • ALWAYS… report suspicious emails to your Information Technology support team, or engage them for guidance before proceeding. It’s very important for your IT department to be aware of suspicious activity so they can evaluate the email for potential threats, and also work to prevent malicious emails from entering the network in the future.  It’s best to not simply forward the email, but to call your IT support team to make them aware of the situation so they can provide the proper guidance.

  • ALWAYS… look closely at website addresses (URLs) that are included in an email. Note that microsoft.com and www.support.microsoft.software are two different domain names (and only the first is real). Fraudulent websites can have domain names that look legitimate, but are actually created to trick you into believing they are. By visiting the spammer’s website, you’re giving them information about your geographic location (calculated based on your IP address), as well as your computer operating system and your browser. You also run the risk of the website infecting your computer with malware. Bottom line, look closely at any URL or hyperlink before clicking on it. If you suspect the website is fraudulent, you should contact your IT support team before just visiting the website.

DON’T

 

  • DO NOT… open any email attachments that end with .exe, .scr, .bat, .com, or other executable files that you do not recognize. You should also be very cautious about opening MS Word, MS Excel, and Adobe PDF files.  There are several studies that show an increasing number of viruses and malware are being spread through these file types.   Just about any email attachment can be malicious, so you need to be vigilant about opening email attachments.  If you receive an email that you weren’t expecting, even from a person you know, you should be highly critical of whether it is legitimate, and take additional precautions.

  • DO NOT… ever click embedded hyperlinks within email messages without first hovering your mouse over them to see where they will take you. By hovering over the hyperlink you will see the URL, which provides detailed information about the network domain, website, or network location. If the URL doesn’t look like it will take you to the appropriate business, website, or Internet location that you would expect, then do NOT click on the link.

  • DO NOT… respond or reply to spam in any way. Instead, you should mark the email as “SPAM” or “junk” in your email client, or work with your IT department to make adjustments to your SPAM filter to capture email from this sender in the future. If you don’t subscribe to an email SPAM filter, we recommend you incorporate one into your security practices going forward. They are sometimes included in your current email service at no additional cost, or can be purchased separately for a very low fee. A robust SPAM filter is a very inexpensive means of improving your overall security posture by minimizing the potential for threats delivered via email. It also helps unclutter your inbox, allowing you to focus on more important emails that require your attention.

  • DO NOT… “unsubscribe” – it’s easier to mark the email as “SPAM” or “Junk” than deal with the security risks associated with clicking on the “unsubscribe” link, or responding to an email. There is certainly less risk if you know with a high level of certainty the email sender is trustworthy, but do you really want to take the chance?
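
As an added illustration of the “double extension” and executable-attachment tips above (example code written for this page, not part of the original tips), here is a small Python check that an IT team could run over attachment file names. The decoy-extension list, the verdict labels and the sample file names are assumptions made for the example.

```python
import os

# Executable extensions the page names (the page notes there are others).
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".com"}
# MS Word, MS Excel and Adobe PDF: the page says to open these with caution.
CAUTION_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf"}
# Assumption: "safe-looking" inner extensions a double extension imitates.
DECOY_EXTS = CAUTION_EXTS | {".txt", ".jpg", ".png"}


def classify_attachment(filename):
    """Return (verdict, reason) for one attachment file name."""
    # Normalize: drop any folder path, trailing dots/spaces, and letter case.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    inner = os.path.splitext(stem)[1].strip()
    if ext in EXECUTABLE_EXTS:
        if inner in DECOY_EXTS:
            return "block", f"double extension: shows {inner}, runs as {ext}"
        return "block", f"executable extension {ext}"
    if ext in CAUTION_EXTS:
        return "caution", f"{ext} document: confirm the sender before opening"
    return "unflagged", "no executable extension; still verify the sender"


def review(filenames):
    """Map each file name to its (verdict, reason) pair."""
    return {f: classify_attachment(f) for f in filenames}


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    samples = ["safe.txt", "safe.txt.exe", "Invoice.PDF.scr",
               "setup.EXE", "report.pdf", "notes.backup.txt"]
    for name, (verdict, reason) in review(samples).items():
        print(f"{name:18} {verdict:10} {reason}")
```

An “unflagged” result only means the name carries none of the listed extensions; the sender checks described above still apply.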

 
