Say you get an email from the CFO asking to send an immediate wire payment to a vendor for $25,000. She’s never asked you to do this before—but the vendor company is legit, and the amount seems valid. Would you comply without questions? Would you give her a quick call to verify, even if it meant interrupting a meeting?
Or what if, instead of asking to send money, the CFO sends a link and suggests checking out an article she just read? Would you click? Would you even think twice to make sure the email was real?
Face it: We might be shrewd enough to recognize the old Nigerian prince swindle, but when the sender appears to be someone you work for—and the request seems plausible—the lines between ruse and reality can get pretty blurry. On the one hand, if you dare to question what the boss says, you could get in trouble. But, sending thousands of dollars to an unknown bank account, or inadvertently unleashing malware on the entire company network, doesn’t do you any favors either.
So how can you be better prepared to identify these fraudulent emails? More importantly, can you stop them from hitting your inbox or your clients’ inboxes altogether?
You bet. Try these three tested techniques:
- Up your email security game. Email is now the number one attack vector for online threats—so if you don’t have an advanced solution in place, you’re not going to be protected. Period. Look for a multi-layered solution that can detect both known and emerging threats, and that filters out malicious attachments, viruses, phishing scams, and other possible risks automatically.
- Educate users on what’s real—and what’s not. You might not be able to completely outwit would-be attackers, but with the help of awareness training programs, you can provide in-depth guidance on how to identify suspicious emails and common scam tactics. Another educational approach is an internal phishing campaign, where the IT department intentionally tries to dupe users to see where the greatest risk lies and who might need more help in spotting problem emails.
- Always, always read emails carefully. If something suspicious does make it to the inbox, it’s the job of the user to be discerning. Any request for an immediate transfer of money should raise a red flag, and any link sent in a message body that lacks real content should also give pause. Hover the mouse over the sender’s name to see if it’s really coming from the expected email address, and look for possible trick spellings in the email domain (where microsoft.com is actually micr0soft.com or microsoftt.com, for example). Ask yourself if the person supposedly sending the email would really write in that style or make that request.
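The sender checks in the last point (does the address behind the display name match, and is the domain a trick spelling of a domain you expect) can be automated at the mail gateway or in a mail client plug-in. The following is an added example written for this page, not code from the original post or any product it describes: it parses a raw `From:` header, flags a display name that itself looks like an email address, and compares the real sending domain against an allowlist using digit-for-letter substitutions (micr0soft.com), a small edit distance (microsoftt.com), and a couple of common two-character homoglyphs. The allowlist, the `HOMOGLYPHS` table, the threshold of two edits and all sample headers are constructed assumptions for the demonstration.

```python
"""
Defensive lookalike-sender check for inbound mail (added example).

Given a raw From: header, classify the sender as trusted, lookalike,
spoofed_name, external or malformed. Domains, headers and the homoglyph
table below are constructed sample values, not data from any real mail.
"""
from email.utils import parseaddr

# Constructed allowlist: domains this organization expects mail from.
EXPECTED_DOMAINS = {"microsoft.com", "example-corp.com"}

# Constructed table of visual substitutions commonly used in trick spellings.
# Each fake sequence is rewritten to the character it imitates.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Assumed threshold: domains within this many edits of an expected domain
# are treated as lookalikes (microsoftt.com is 1 edit from microsoft.com).
MAX_EDITS = 2


def canonical(domain: str) -> str:
    """Undo digit-for-letter and two-character lookalike substitutions."""
    d = domain.lower().strip()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the domain of the real address in a From: header, or ''."""
    _name, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify_sender(from_header: str) -> str:
    """Classify a From: header for a user-facing warning or gateway rule."""
    name, addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "malformed"
    # A display name that looks like an address hides the real sender
    # behind what the user sees, e.g. "jane@example-corp.com" <x@other>.
    if "@" in name:
        return "spoofed_name"
    if domain in EXPECTED_DOMAINS:
        return "trusted"
    for expected in EXPECTED_DOMAINS:
        if canonical(domain) == canonical(expected):
            return "lookalike"          # e.g. micr0soft.com
        if levenshtein(domain, expected) <= MAX_EDITS:
            return "lookalike"          # e.g. microsoftt.com, mircosoft.com
    return "external"


if __name__ == "__main__":
    # Constructed sample headers covering each outcome.
    samples = [
        "Jane Doe <jane@example-corp.com>",
        "Jane Doe <jane@micr0soft.com>",
        "Jane Doe <jane@microsoftt.com>",
        "Newsletter <news@vendor-news.example>",
        '"jane@example-corp.com" <attacker@free-mail.example>',
    ]
    for header in samples:
        print(f"{classify_sender(header):13} {header}")
```

The edit-distance threshold is deliberately small: on short domains two edits can match unrelated names, so in practice the allowlist should hold only the domains that matter for payment or credential requests, and a `lookalike` or `spoofed_name` result should trigger a visible banner or quarantine rather than silent rejection, so that the user still learns to verify the request out of band.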
Potential attackers rely on your hesitation and your natural inclination to trust the people with whom you work. Show your team and your clients you’re smarter by taking an aggressive stance on email security. Curious if you have the right defense strategy to protect your business?