Avoid Sending Sensitive Information Over Email
Emails that ask for personal information - regardless of how official they look - should raise suspicion.
Phishing attacks attempt to persuade people to hand over information such as passwords or financial info. Today’s attacks are more targeted, complex and difficult to detect, making them more lucrative than ever. Phishers posing as known, trusted organizations will often ask for sensitive information - legitimate companies will not. Avoid sharing sensitive info over email, and implement the following tips and best practices to prevent attacks and breaches:
Don’t trust the display name; just because an email says its from someone you know or trust doesn't mean it truly is. Even if the email address is legitimate, an email could be coming from an account that has been compromised by an attacker.
Beware of urgency’ phishing emails often convey that there is some sort of emergency in an effort to convince the recipient to act without thinking things through, such as an urgent request for a transfer of funds.
Evaluate the situation; is the greeting general or vague? Is the tone what you would expect from the person it is supposedly coming from?
Check spelling and grammar; attackers are often careless when it comes to spelling and grammar. In some cases, they will purposely add in extra letters or characters in an effort to evade spam filters.
Investigate before you click; read through the email carefully and thoroughly evaluate all parts before clicking on any of its contents. Do the subject line and body text make sense?
Be wary of requests for personal information; emails that ask for your personal information, regardless of how official it looks, should raise a red flag.
Watch out for more complex spear phishing; hackers are using compromised colleague’s accounts to impersonate employees and send high-quality, personalized messages to infiltrate an organization and steal your assets. Set a specific policy for financial transactions and confirm with the sender using a verified address.
Be cautious with links and attachments; phishing emails often contain malicious links or attachments, which redirect users to fraudulent websites that steal their credentials or download malware on victims’ devices.
Want to learn more about protecting yourself from phishing? Get in Touch >>
CyberSecurity Month
- Tip - Avoid Phishing Emails
- Tip - Being Cautious of Spam Email
- Tip - Be Wary of Malicious URLs
- Tip - Protect Against Spoofing & Sender Fraud
- Tip - Protect the Privacy of Your Email with TLS
- Tip - Don't Rely on Native Microsoft 365 Email Protection Alone
- Tip - Implement TLS to Keep Your Email Secure
- Tip - Endpoint Security Is Not Enough
- Tip - Conduct Regular Email Security Audits
- Tip - Configure Email Account Settings with Security in Mind
- Tip - Learn How To Spot Threats to Business Email
- Tip - Backing up Your Data and Isolate Your Backups Offline
- Tip - Protect Business Email from Phishing Attacks
- Avoid Sending Sensitive Information Over Email
- Tip - Learn About Malicious Links
- Tip - Prevent Zero-Day Attacks
- Tip - Business Email Is for Business Only
- Tip - Learn How To Identify Social Engineering Attacks
- Tip - Know Your Email Risk
- Tip - Safeguard Your Inbox from Malicious Mail
- Tip - Understand How Phishing Attacks Are Carried Out
- Tip - Know the Steps in a Spear Phishing Attack
- Tip - Familiarize Yourself with the Anatomy of a Whaling Attack
- Tip - Understand How Malware Attacks Work
- Tip - Learn the Steps in a Ransomware Attack
- Tip - Understand the Phases of a Business Email Compromise (BEC) Attack
- Tip - Know What Zero-Day Attack Is & How It Works
- Tip - Familiarize Yourself with the Phases of an Account Takeover (ATO) & Lateral Phishing Attack
- Tip - Learn the Steps in a Social Engineering Attack
- Tip - Understand the Types of Email Viruses to Be on the Lookout For