Cybersecurity Advent – Day 15

Today’s Cybersecurity tip is: be careful in email

In reality, you should be careful and pay attention to all the information you post or share, links you click, or attachments you open online, not just in emails. But most people use email every day for both personal and business reasons, as well as for communicating with people they don’t know. Most other digital communication is in a controlled environment or with a limited audience. Additionally, it’s very easy for “bad guys” to exploit email because of the relative anonymity, the ease of reaching wide audiences, and how easy it is to spoof. Therefore, it’s very important to protect yourself and be vigilant when using email.

Here are a few things to pay attention to and some guidelines to follow for your inbox:

Don’t trust links

  • Do you trust or know the person/service that sent the link?
  • Were you expecting a link? For instance, if you started a password reset for an account and need to verify your email address
  • Check to make sure the link text matches the actual URL (mouseover or right-click to see the actual link URL)
  • Make sure it’s a secure link – HTTPS
  • Make sure it’s a trusted domain or from a service you actually have an account with
  • Double-check the full URL – mybank.com is not the same as mybank.adifferentserver.com
  • When in doubt, always open a browser and go directly to that service’s website rather than click the link; if you receive an email from your bank stating you urgently need to open the link, then the same message should be in your account on their website … ALL good services do this

Don’t trust attachments

  • Do you trust or know the person/service that sent the attachment?
  • If your web client doesn’t scan attachments for malware automatically, either save the file locally and scan or scan directly in the web client before opening
  • Ensure the program you use to open the attachment opens it in “safe” mode – Adobe Reader and all Microsoft Office programs can be configured to disable running scripts or other malware processes, for example
  • When in doubt, reach out to the person who sent the attachment and ask if it’s safe – preferably contact them on a different channel (call/text), or
  • Better yet, just delete the email

Be vigilant of information you give out
Even if an email doesn’t include an attachment or link, the person sending it might be phishing for information. Don’t give out any usernames, birth dates, SSNs, or other sensitive information. Pay attention to who they are and what they’re asking. If you wouldn’t give information to a stranger face-to-face, then you shouldn’t through email. And remember that it’s very easy to spoof email information, so it can look like it’s coming from somebody legitimate. Sometimes it doesn’t hurt to verify you’re having an actual conversation with the right person … or better yet, is email the best place for that conversation? Maybe a phone call, text, or some other form of communication would be better.

Hopefully these tips will help you feel a little safer using your inbox and help you avoid malware or breaches of sensitive information through email (and other digital communication).

See you tomorrow!