Email is commonplace in the business world, with over 108 billion emails sent and received per day. The fact that emails are circulating in big numbers makes them a good target for scammers. We all need to be careful when opening emails.

Consider this scenario that was recently brought to my attention:

I was made aware of strange emails that several employees received from people that we do business with on a regular basis. Coincidentally, these emails were coming from separate individuals and separate companies meaning this was not an isolated incident. The emails seemed strange because the messages were very short – not common for the senders – and included links or attachments.

It turned out that the sender’s email accounts had been compromised (more than likely the person’s password was guessed or stolen) and a hacker was sending emails to everyone in the person’s address book asking the recipient to “click here.” If the recipient did click, they would then be redirected to a webpage where they were asked to enter their username and password. What makes these particular cases difficult is that the sender accounts are valid and familiar – technology cannot always protect against these conditions.

So what can you do in these situations?

It is all about using your best judgment and questioning odd or sensitive situations. Although most requests that we receive in our everyday life are valid, the need to pay extra attention applies when:

  • You are asked to click on a link or file within the email.
  • You are asked to enter a username and password.
  • You are asked to provide sensitive, confidential, or personal information.

Some other things that will help with protecting yourself, the company, and others are:

  • Use different passwords for all accounts and never use your actual Windows password for other accounts. This way if a password does get compromised, the hacker does not gain access to every system you have access to.
  • Make sure you have good passwords that are strong and complex. Use a minimum of 8 characters with a mix of numbers, special characters, uppercase letters and lowercase letters.
  • Always protect your passwords. Don’t write your passwords down, don’t share your passwords or allow others to login as you, and don’t email passwords.
  • If something seems strange, it probably is. Always verify things if they seem questionable.
  • If you are verifying the person on the other end, don’t simply “reply” to the email. Call them at a known and valid number or send a separate email to a known and valid email address.

Don’t hesitate to dig deeper to protect your security. The extra few minutes of validation are always worth it.

-Paul Rosenquist