Dealing With Scam Emails

Uploaded on 2021-12-02 in TECHNOLOGY--Resilience, FREE TO VIEW

Feeling totally safe on the Internet nowadays is a rare luxury, but still people tend to be more trusting and relaxed in some cases. This is especially true for working environment, where employees may feel secured because of all the corporate measures to protect company’s data and finances.

Ironically, having regular cyber security training and knowing about elaborate digital protection technologies may make some employees open to easy and straightforward scamming attempts. 

Remember, that corporate mail is not a 100% safeguard against fraudulent messages. Read this article to learn how to react after receiving a scam mail.

How To Check For Scam Emails

You’re receiving hundreds of emails every day, so what to do to minimize the risks of getting scammed? Implement this basic email processing routine to ensure you’re doing your part of the job. 

Check the sender’s address:   Scammers often copy real electronic addresses you may find authentic at first glance. But second look will ensure you won’t miss extra dot or wrong letter in sender’s address.

Carefully Analyse The Content:   Absent or incorrect signature in the email, weird logo or outdated letterhead – noticing these little mistakes of the scammers may save you from troubles. But even proper corporate formatting is not a green light yet. 

If the request in email seems odd to you, especially concerning any data transferring or financial transactions, restrain from any immediate actions. Call for unusual actions or decisions that go against set procedures or established practice is good enough reason to check this request or consult with superior. 

Verify information by other means:   Trust your instinct and find another way to contact a person who sent you the suspicious email. Call via the phone number you’ve known before (not the one indicated in the email), talk personally, or use another email address. 

These simple steps would be sufficient for absolute majority of your incoming mail. Most scamming attempts are messy, so you’ll identify them with little effort.

Here for more details on most popular scamming schemes online, but beware, some elaborate tricks may get through your safeguards and it is crucial you know how to react.

What To Do With A Scam Email

You have received a suspected scam email from your corporate address and now wondering what you should do next.  Follow this advice to lower the chances of seriously damaging your company’s cyber security.

Never open an email you find suspicious:   Avoid opening any letters looking weird at first glance. Confusing subject line, amended sender’s address, your name misspelled can be an indication. Just do not open it and find a way to double-check its authenticity.

Do not click on any links:   Some letters just look totally safe at first or you opened one automatically before noticing something’s off. Main rule – do not click on any links. You may open doors for malware entering your own and the whole company’s IT system. Watch out specifically for emails providing links to change your password for safety reasons. You should know the corporate regulations for personal identification credentials, which are rarely through email prompts.

Change your password:   You successfully identified the scamming attempt, avoided clicking on any links, so what’s next. It would be wise to change your password to mailbox and corporate computer account through established trustworthy procedure. Log out from previous session on all your devices after changing password. Consider activating two-factor (or multifactor) identification to reinforce your protection.

Make sure you’re not accidentally open to such attacks:   In most cases scamming attempts are rather random than targeted ones. But it’s best to do your best to avoid helping scammers (and spammers) unknowingly. Recall where do you use your email address, except from bilateral communications or business cards. Remove your address from widest public availability – website, social media, printed handouts. Don’t forget to not use your corporate mailing address for online purchases or subscriptions, or any personal purposes.

Inform your company's IT / Security officer:   Do it urgently if you opened the links or suspect malware attacking your computer. Otherwise, it’s just beneficial for dedicated cyber security specialist to know about scamming attempts. This allows to watch out for more letters, check security setup and probably notify the staff reminding of basic digital hygiene rules.

Remember that burden of responsibility to do your best for cyber safety of your company lies with you and your vigilance is part of your professional duties. Most precautions for scamming emails do not require a lot of time or efforts, so they are easy to remember and implement constantly.

Eliza Sadler is a professional journalist currently working for a leading Assignment Writing service. 

You Might Also Read: 

Secure Your Personal Email & Social Media Accounts:

 

« What Is An API, Anyway?
What Every PHP Developer Needs to Know About Cyber Security »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Energy Sec

Energy Sec

EnergySec is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Cyber Aware

Cyber Aware

Cyber Aware aims to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours.

La Fosse Associates

La Fosse Associates

The InfoSec Recruitment team at La Fosse Associates specialises in placing Information Security & Risk professionals on a permanent and contract basis.

EU Joint Research Centre

EU Joint Research Centre

JRC is the European Commission's science and knowledge service which employs scientists to carry out research in order to provide independent scientific advice and support to EU policy.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

Forever Group

Forever Group

Forever Group is a Managed Services Provider specialising in Telecommunications, IT Support, and Cyber Security.

Accurics

Accurics

Accurics enables self-healing cloud native infrastructure by codifying security throughout your development lifecycle.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

Infinipoint

Infinipoint

Infinipoint pioneers the first Device-Identity-as-a-Service (DIaaS) solution, addressing Zero Trust device access and enabling enterprises of all sizes to automate cyber hygiene.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

Hakware

Hakware

Hakware is a next-generation Security Management solution offering a comprehensive OneView of your entire IT and security environment.