Malware and data breaches pose a constant threat to businesses in Orange County, New York. Email is the most popular method for criminals to deliver these attacks. But even as email platforms become more proficient at detecting threats, they can’t solve the primary cause of more than 60% of security breaches: human error. This is why employee vigilance and security training play a big role in keeping your company inboxes safe.
Recognizing dangerous emails is one of the critical skills your employees need to protect your business. So when training your employees in email security, make sure you emphasize the following tips:
1) Don’t ignore Outlook warnings
Several mail applications have built-in anti-spam and anti-malware protection. Microsoft’s Outlook is no exception. It flags potentially harmful messages to warn your employees. These warnings can easily be overlooked if employees aren’t careful, so instruct them to pay attention to security alerts before interacting with any message.
2) Don’t cower before threats and scare tactics
One way scammers trick users is by creating a sense of fear or urgency in an email’s subject line or content. This tone is designed so that your employees will not think twice about opening an email, downloading an attachment, or clicking a link in the email’s body. Cybercriminals prey on people's worries with statements like “...or face litigation” or “you will be charged unless you act now.”
Reputable institutions like banks, the IRS, and other businesses will never threaten to take you to court or ask for sensitive information via email. Legitimate organizations will never use threats but will typically only notify users of an issue that needs to be discussed personally. Verify the message by contacting the offices of the organization in question.
3) Keep an eye out for grammatical and spelling errors
Look out for glaring grammatical or spelling mistakes in a message from a seemingly legitimate organization. Such mistakes rarely appear in professional messages and may have been constructed with an online translation service. International cybercriminals typically use these tools to expand the reach of their email scams.
4) Don’t fall for email spoofing
Phishing scams typically lure users into giving away critical information by “spoofing” or imitating an email from a bank or other legitimate organization. This often comes in different forms.
Cybercriminals can use typosquatting techniques, whereby they create a near-identical copy of a trustworthy domain. This is done by discreetly misspelling or modifying the URL of a well-known or trusted company. Take note of these two domains, “online.citi.com” and “online.citi-secure.net.” The first one is the actual website of Citibank, while the other is not.
Hackers may also use actual forms or letters from businesses and institutions to make phishing emails look legitimate. This is one reason why the IRS provides taxpayers with information about its official notices and letters on its website.
Your employees should never input their user credentials when redirected to a site by a link in an email. Even if the site looks like it belongs to a trustworthy organization, it is safer to input the organization’s known web address into the browser.
5) Hover over links
Employees should check links in emails by hovering over them with their cursors. This will reveal their URLs, or the site to which the link will redirect when clicked on. If the URL appears typosquatted or looks to be comprised of random characters, delete the email. The same goes for one produced by link shortening services, such as bit.ly. Legitimate or respected organizations don’t use link shortening in their emails.
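For teams that want to automate the hover check on reported messages, here is an added example (not part of the original article) that pulls every link out of an HTML email body and flags shorteners, link text that shows a different domain than the real target, and lookalikes of trusted domains. The TRUSTED list, the function names and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"citi.com"}      # assumption: domains your staff really deal with
SHORTENERS = {"bit.ly"}     # the shortener named in the article; extend as needed

def base_domain(host):  # simplification: last two labels, not a public-suffix lookup
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):  # returns the warning flags for one link
    flags = []
    dom = base_domain(urlsplit(href).hostname or "")
    if dom in SHORTENERS:
        flags.append("shortener")
    shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
    if shown and base_domain(shown.group()) != dom:
        flags.append("text-mismatch")   # link text names a different site
    for good in TRUSTED - {dom}:
        brand = good.split(".")[0]
        if brand in dom or SequenceMatcher(None, dom, good).ratio() >= 0.8:
            flags.append("lookalike:" + good)   # heuristic, expect some noise
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample body, using the two domains from the article.
SAMPLE = ('<a href="https://online.citi-secure.net/login">online.citi.com</a>'
          '<a href="https://online.citi.com/">Sign on</a>'
          '<a href="https://bit.ly/3xAmPle">View invoice</a>')
```

Calling scan(SAMPLE) returns one entry per link; an empty list means none of the three checks fired, which is not proof that the link is safe.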
6) Don’t download attachments
Any unsolicited message telling you to download an attachment should raise suspicion, even if the message comes from a known organization or familiar source. Avoid this at all costs, especially if it is presented with an exciting offer or a warning.
7) Beware of BEC scams
A Business Email Compromise (BEC) scam targets companies that conduct wire transfers, like enterprises that have overseas suppliers. It does so by imitating executives or high-level employees to fool victims into wiring payments to the hackers. Often, they impersonate CEOs or CFOs requesting emergency payments to their account.
8) Think twice about generic greetings
Generic greetings such as “Dear customer” are a red flag. Reputable organizations will typically address customers and contacts by their full names.
9) Don’t fall for “Nigerian prince” scams
Scare tactics are one thing, but on the other side of the coin is great news or news that sounds too good to be true. Also known as Nigerian prince scams, these emails promise a great reward in exchange for some help or a small investment. Avoid these types of messages at all costs.
10) Don’t press just any call-to-action button
Not all call-to-action buttons can be trusted. Scammers are not above placing them in emails and using them to lure users into being redirected to a malicious site or downloading malware. Before clicking any links, be certain of whom the email is from or confirm whether you are really subscribed to that company’s newsletter.
If human error is a major cause of enterprise cyberattacks, then the first line of defense is employees trained in security awareness. But that’s just the beginning. You’ll need a more comprehensive defense by backing that up with security solutions and expertise in IT. We can provide all of that. If you have a business in Orange County NY, Hudson Valley IT can help you get started in protecting your small business with total security. Call us today.