Avoid Sending Sensitive Information Over Email

Emails that ask for personal information - regardless of how official they look - should raise suspicion.

Phishing attacks attempt to persuade people to hand over information such as passwords or financial info. Today’s attacks are more targeted, complex and difficult to detect, making them more lucrative than ever. Phishers posing as known, trusted organizations will often ask for sensitive information - legitimate companies will not. Avoid sharing sensitive info over email, and implement the following tips and best practices to prevent attacks and breaches:

Don’t trust the display name; just because an email says its from someone you know or trust doesn't mean it truly is. Even if the email address is legitimate, an email could be coming from an account that has been compromised by an attacker.

Beware of urgency’ phishing emails often convey that there is some sort of emergency in an effort to convince the recipient to act without thinking things through, such as an urgent request for a transfer of funds.

Evaluate the situation; is the greeting general or vague? Is the tone what you would expect from the person it is supposedly coming from?

Check spelling and grammar; attackers are often careless when it comes to spelling and grammar. In some cases, they will purposely add in extra letters or characters in an effort to evade spam filters.

Investigate before you click; read through the email carefully and thoroughly evaluate all parts before clicking on any of its contents. Do the subject line and body text make sense?

Be wary of requests for personal information; emails that ask for your personal information, regardless of how official it looks, should raise a red flag.

Watch out for more complex spear phishing; hackers are using compromised colleague’s accounts to impersonate employees and send high-quality, personalized messages to infiltrate an organization and steal your assets. Set a specific policy for financial transactions and confirm with the sender using a verified address.

Be cautious with links and attachments; phishing emails often contain malicious links or attachments, which redirect users to fraudulent websites that steal their credentials or download malware on victims’ devices.

Want to learn more about protecting yourself from phishing? Get in Touch >>

CyberSecurity Month

Get Your Guide