Protecting Your Email: Phishing Scams & Spam

Many of us use our email every day, whether for personal usage or commercial. Businesses use email for customer support and to internally manage their operations and team. It’s an easier way to connect – but it comes with its own set of risks. For businesses and individuals, email security is vital to ensuring your privacy and private information is protected.

Protecting your email, or email security, is necessary to prevent the spread of malware, phishing attacks, and spam. Email tends to be an extremely common area for hackers and cyberattacks to find holes in network security and obtain sensitive data.

What kind of risks can threaten my email security?

More and more, cyber attacks are targeting the emails of businesses and private individuals in order to gain access to systems, infect devices, and seize private information. It might be helpful to you and your employees or loved ones to educate themselves on what a malicious email or phishing attack may look like – even if they are not obvious at first.

Here are the kind of malicious emails and cyber attacks that may pose a threat to your business or personal information and data.

Spear-phishing emails

Phishing scams are the most popular form of cyber attack. They are emails that appear legitimate but are malicious and generally contain insecure links or attachments that can infiltrate your device and/or network once clicked or downloaded. Phishing can also exist in the form of phone calls and text messages. Some phishing emails can appear “generic.”

Spear-phishing emails come from threat actors and are sent to specific targets – a member of the family, an organization, or a company. These emails are designed by using personal characteristics in the subject line, body of text, etc. – typically having gained this information from social media. These emails are less generic due to them containing personal information and are more likely to be clicked on.

Whaling emails

Threat actors send these emails to “high profile” individuals, and sometimes executives in companies. These are targeted emails that are intended to convince the recipient with personal information. These emails take less effort from cybercriminals and use public information from websites and social media.

How do I identify potentially malicious emails?

Without education or information on how to identify malicious emails, identifying phishing scams before interacting with them can be difficult. Here are some steps for identifying potentially malicious emails:

• Check to see if the sender’s email has a valid domain name and username. A malicious address may have a generic domain name and misspelled or unusual server name.
• If the sender sounds familiar to you, check to see if the tone of the email is relevant to the individual. The body of the email may even contain grammatical errors, spelling errors, or typos.
• If the email comes off as threatening, it may be malicious.
• If the email is promising something that may sound too good to be true, it may be malicious.
• Companies, friends, and high-profile individuals will not ask for personal information. If that is being requested in the email, it may be suspicious.

If you receive an email that you believe is suspicious, do the following:

• Do not open an email you believe to be suspicious. If you know the sender, contact them by means other than email to confirm the email was sent by them.
• Do not click on any links or attachments included in the email. If the email requests you enter payment information or user account information, do not click.
• Report any emails you deem suspicious. If the email is abusive, criminal, or offensive in nature, report it to your local police and save the message for investigations. If the email was delivered to a work account, report it to your organization’s IT.
• Do not forward the email to anyone else.

How do I protect my emails from cyber attacks?

Alongside proper education on how to detect phishing emails and spam, there are some additional steps you may take to boosting your email security. Consider the following:

• Setting up a spam filter. Did you know that phishing attempts, scam emails, and unsolicited email messages can account for over half of the emails that an individual or a business receives? Email is the primary source of malware and viruses. You can use an email-filtering service as an anti-virus strategy from a reputable organization. Ensure that your filter is reviewed regularly so that important emails and legitimate domains are not being blocked.
• Educate your household and/or business on the importance of protecting sensitive information. There are always incidents when it comes to email, as email is not generally all that secure on its own. Tell your employees and/or your family members how best to identify the risks that come with email usage. You can use media to do so or even online training programs.
• For businesses, implement an email usage policy. Your policy should set out in plain words how the company email system should be used and what data may be sent. You should also address privacy, acceptable use, and retention.

Finally, things slip through the cracks. If you, an employee, or a family member clicks on a malicious link or attachment, you may end up having to deal with the aftermath of a cyber attack event. Technology on its own cannot prevent your family or your business from cyber risks. Consider purchasing Cyber Liability insurance as an added layer of protection against digital crime and threats that target you and/or your household or employees.

See more information on Cyber Liability below.