Email Safety Tips + Why Hackers Use the Same Methods for Phishing

In Cyber Security by Amaya Swanson

Summer is almost here, it’s hot, and it’s been a long time since we all started working from home. And though we’d love to think about travel or staycations, at Matsco, we’re thinking about email safety.

Many best practices for email handling seem obvious, and some are, yet the same phishing methods are still used to steal your credentials or lure you into clicking a link, because they work. Cyber criminals exploit the sheer volume of email we receive and expect that, every so often, we will open an email, click a link, or enter our credentials without verifying that the request is legitimate. And they’re right – we do.

Considering the uptick in phishing emails and compromised credentials, the Matsco team compiled a list of email safety reminders for you and your team. Please be sure to review them, and keep them top of mind before you click a link or enter your credentials.

The Prize is a Lie

If it sounds too good to be true, it probably is! If you didn’t enter a contest or giveaway, your “prize” is likely not on its way, and you definitely shouldn’t enter any information for delivery, or pay any fees towards shipping + handling. Avoid clicking on any links that ask for your information; just ignore the email and/or report it as spam.

If you DID enter a contest, ensure said contest is legitimate before you provide any Personally Identifiable Information (PII). Always check the source.

Microsoft Isn’t Asking for Your Password

No one will ever ask you to put in your password via an email – EVEN / ESPECIALLY Microsoft. If you receive a notice that your password has expired or been compromised and needs to be changed, or whatever the request may be, do not click the link. Instead, type the provider’s URL into your browser and check whether your password truly needs to be updated.

Type the URL, Don’t Click the Link

Hackers are great at duplicating legitimate emails and changing the URLs behind images and link display text to point to malicious sites. Never click on links in an email; instead, type the URL directly into your browser. You can also hover over links and images in emails to check for redirection to a fraudulent site. Often the difference is subtle: the fraudulent address is only missing a character or two, or uses two letters to imitate one (e.g. “rn” in place of “m”).

Phone > Email

We know that email is easier than picking up the phone. Hackers know it, too! So if an email from someone you know looks suspicious, pick up the phone and call or text the sender to verify its authenticity. The couple of minutes it takes to send a text or make a call could save you hours of cleaning up a compromised account and a lot of embarrassment.

Multifactor Authentication Saves Accounts

Multifactor Authentication (MFA) is a must in every area possible. It will prevent any leaked passwords from being useful to hackers, and give you a heads-up if / when someone is trying to access your accounts. Matsco’s recommendation to use MFA isn’t restricted to business accounts: use it everywhere, including but not limited to personal email and social media.

With the proliferation of ransomware, it’s better to be safe than sorry when it comes to any odd emails you receive!
