Tips to detect and protect against email scams

Email communication is an important component of everyday life and business. However, this channel of communication is also a feeding ground for scammers. As we press on through the COVID-19 pandemic, the majority of the US workforce is working from home and will continue to do so for the foreseeable future. That is why, especially when everyone is facing so much uncertainty, it is important to take the time to be alert to potential scams and aware of ways to protect yourself and your business.

NSGA Information Systems Manager Brad Thompson shared some helpful hints.

A properly configured email firewall should be set up and monitored by your Information Technology professional. It is essential for helping limit email scammers.

Equally important is educating your employees on what to look for when opening questionable emails. 

Is there a foolproof way to know it is a bad email? No, but there are some indications that, when put together, should raise alarm:

  • An email from someone you do not know asking for something
  • An attachment from someone you do not know that you are asked to open
  • An email from higher management or the owner asking for urgent information when this is unusual
  • Misspellings or poor grammar
  • Whether the email is internal or external; your email firewall may be able to flag this
  • An email from someone you know that doesn't make sense. Their contacts may have been hacked. (Reach out by phone and bring this to the attention of the sender; they will appreciate it.)
  • An email that tries to create fear that if you don't act something bad will happen. It is often your reaction that will get you in trouble. 
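
The indicators above can also be counted together by a simple mail check. The following is an added example, not part of the original article or any NSGA tooling; the internal domain, known-sender list, executive names, pressure keywords and the threshold of three are assumptions for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
# Assumed values for illustration; substitute your organization's own.
INTERNAL_DOMAIN = "example.com"
KNOWN_SENDERS = {"pat@partner.example"}
EXECUTIVE_NAMES = {"jane owner"}
PRESSURE_WORDS = ("urgent", "immediately", "suspended", "final notice")

def indicators(raw_message):
    """Return the checklist warning signs that this message shows."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", "").lower())
    external = address.rpartition("@")[2] != INTERNAL_DOMAIN
    unknown = external and address not in KNOWN_SENDERS
    has_attachment, text = False, msg.get("Subject", "")
    for part in msg.walk():
        if part.get_filename():          # part carries an attached file
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            text += " " + part.get_payload()
    checks = [
        ("external sender", external),
        ("unknown sender", unknown),
        ("attachment from unknown sender", unknown and has_attachment),
        ("executive name on external address", external and name in EXECUTIVE_NAMES),
        ("pressure or fear language", any(w in text.lower() for w in PRESSURE_WORDS)),
    ]
    return [label for label, hit in checks if hit]

def should_escalate(raw_message, threshold=3):
    """No single sign is proof; escalate when several appear together."""
    return len(indicators(raw_message)) >= threshold

# Constructed sample message (not real mail).
SAMPLE_SUSPECT = """\
From: "Jane Owner" <jane.owner@example.net>
Subject: Urgent: payroll data needed
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Send the payroll file immediately or accounts will be suspended.
--B
Content-Disposition: attachment; filename="form.pdf"

placeholder
--B--
"""
```

The check does not cover misspellings or a known sender whose message does not make sense; those still need a person to read the email.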

The golden rule: Assume that every email is suspect. Would you give your social security number to someone who called you claiming to be from an important government agency? Of course not. The same applies to an incoming email.

  • Never assume that content, including email addresses or phone numbers, is correct.
  • Never blindly trust a link from an email. Scammers want you to click on the link, which will bring you to a site that looks authentic and then prompt you to try to log in. The scammer will capture your login information for later use and then direct you to the real site to log in.
    • Do you use the same password in multiple places? Well, the scammer (or his friends on the dark web) will try to use that same password for other sites. 
      • An example: The email requests that you change your password immediately. Instead, go to the website directly, without using the link in the email. Is there any indication of an issue or message at the website?
  • Is the email requesting data or money? Even if it appears to be a business partner, take that extra step and make a phone call to verify.

It may be necessary to take a screenshot or snip of a scammer email to share with your team and make them aware of the scam and how it was identified. Never forward the actual attachment; share the captured image and use it as an opportunity to educate your team. Ask them questions and create discussion.

Teach and encourage your team to be alert. It may just prevent a data breach!