Email scam attempts are surging. Because over 70% of organization data breaches involve social engineering and/or human error, please be aware of how to identify possibly fraudulent email. Such attempts can consist of the following:
- Phishing – posing as a company you may be familiar with to obtain passwords, money, or personal or business information
- Spoofing – posing as a member of your organization to obtain sensitive company data or money
- SMS phishing or “Smishing” – getting a user to text a number that claims to belong to a trusted individual, in order to obtain money or information
As a reminder, any email from outside your organization will have a disclaimer stamped at the top, as well as a label on the preview in the inbox.
This notice is to assist staff in recognizing possibly fraudulent email:
External emails will also be displayed in Outlook with the email address (below). Please ensure you recognize the sender’s name and email domain (the part after the @) before acting on anything in the email:
Even if the name belongs to someone you work with, treat the message with suspicion if the email domain (the part after the @) does not match.
The top reasons for clicking on phishing or spoofing emails are the perceived legitimacy of the email and the fact that it appeared to have come from either a senior executive or a well-known brand or customer.
- Take a pause. Scammers create a sense of urgency to prey on victims’ emotions.
- Take a second pause. Double-check the sender, subject and body for any misspellings or suspicious wording.
- Any email regarding financial data, PHI, or other sensitive information should always be viewed with caution.
- If something doesn’t seem right, verify internally with your management or IT support.