Email is a commonly used method of communication in both academic institutions and the corporate world. It is important to be vigilant about what is clicked on, downloaded, and transmitted, especially with the increase in social engineering tactics and spoofed domains. Threat actors may send phishing emails that appear to be from a trusted classmate, teacher, or colleague, and contain attachments or links that, if clicked, attempt to install malware or direct the target to a spoofed website to steal credentials or other sensitive information. Stolen credentials could then be used to send “trusted” emails to others in the academic institution to further compromise accounts or infect systems and networks with ransomware or other malware.
Email best practices:
- Identify common red flags. Suspicious emails may carry an external email tag while purporting to come from an internal source, or contain grammar and spelling errors, oddly placed upper and lower-case letters, incorrect or missing signature blocks or company logos, or words uncommonly used in everyday communications.
- When in doubt, throw it out: If a message or a request looks suspicious or is “too good to be true,” delete it.
- Refrain from taking action, such as clicking links or opening attachments, on any emails received from unknown senders. Links and attachments delivered in emails are the most common tactics used by threat actors to deliver malware to end-user devices.
- Confirm the legitimacy of emails from known senders that request sensitive information by contacting the sender via a separate means of communication. Threat actors often impersonate legitimate and known individuals and academic institutions to convince targets to take a desired action that would compromise their device, data, or account.
- Say “no” to macros. If a file is accidentally downloaded, refrain from enabling macros or content as this is often a technique used to deliver malware.
- Verify domain names. Hover your mouse over the link to verify the URL before clicking or, instead, manually type the URL directly into the address bar of your browser. Once the website’s legitimacy is confirmed, bookmark the page when needed.
A little bit of caution goes a long way in helping prevent email-based attacks. If you have any questions related to the above tips or solutions to help increase your email security, please visit us at powersolution.com or give us a call at (201) 4931414 opt 1.