You are checking your email and see one from your boss or coworker and you open it. They say they are stuck in a meeting and need you to run an errand to buy them gift cards for their great nephew’s cousin’s best friend’s sister’s dog’s birthday present. This is a suspicious email, and there are many others like it to try and trick you to giving out personal information or to steal your money. Knowing the signs and tricks of these malicious senders can help you prevent a security breach or losing your hard-earned money.
Phishing emails are messages that attempt to gain access to your accounts by tricking you into sending logins or passwords. This can come about in a variety of ways, but usually the sender poses as a company you have an account with, then can say something like “Your account has been compromised, please click this link to confirm your login” and steal your information through the bad link you clicked. Many of these emails look identical to the real thing, so how can you tell the company from the phisher?
By checking the email address of the sender, you can check to see if the domain name is correct for the company. For example, an email address of “email@example.com” is much more trustworthy than “firstname.lastname@example.org” because the domain name isn’t accurate.
Spoof emails are any email that says it comes from a person, but the email address is not correct. Like we saw with the phishing emails, the domain name is often incorrect when dealing with a spoof email. However, spoof emails can appear like they are from anyone, like your coworkers or boss. You could receive an email that looks like it is from someone you know, but it could have malicious attachments or ask you to buy gift cards. Often when you open these emails, the writing style of the person is off from what you know, it may be lacking their usual signature, and it could have bad grammar. All of these should be red flags in your mind, all of which can be confirmed by an odd email address like the phishing ones mentioned earlier.
Unlike spoof emails, these emails come from a legitimate email of someone you know. That person’s email was hacked, which can happen if they click on something suspicious or perhaps fell victim to a phishing email. This makes it more difficult to tell if the email is legitimate because you cannot check the email address. However, the writing style, signature, and bad grammar mentioned earlier can still apply. If you are suspicious, don’t click anything. When in doubt, give the person a call or ask them in person if they sent you the email.
What Do I Do If People Tell Me They Are Getting Suspicious Emails from Me?
Most often, the emails they are receiving are spoof emails. There is not much you can do with those, and they are harmless so long as no one clicks anything or sends money. The best course of action is to have the receivers verify that the email address is not your real email address, and then let your coworkers know about the spoof emails so they are prepared to delete them.
What If My Email Is Actually Compromised?
Firstly, you should call helpdesk at (906) 632-5673 or extension 5673 to let them know the situation. You will have to change your active directory password, which will change email and computer passwords. Then let your coworkers know to look out for suspicious emails from your account and let them know you are compromised.