4 Emails You Should NEVER Open
No matter how “bomb-proof” we make your network, you and your employees can still invite a hacker in if you click on a link or open an attachment in an email sent by a cybercriminal. While some spam is obvious (can you say, “Viagra at a discount”?), others are very cleverly designed to sneak past the filters and trick the recipient into opening the door.
Known as “phishing,” this is still the number one way that hackers circumvent firewalls, filters and antivirus programs. So it’s critical that you and your employees know how to spot a threatening email.
You should always be on high alert for these four types of email ploys.
The Authority Email. The most common phishing emails are ones impersonating your bank, the IRS or some other authority figure—the assumption being that you’ll do whatever they ask because the name evokes a sense of authority.
A good rule of thumb is to avoid any email with these characteristics:
- You don’t personally know the sender. This includes emails from the IRS, Microsoft or your bank.
- You are asked to verify your account or else it will be deleted. Remember, any important notification will be sent via old-fashioned snail mail. If it’s important, they can call you.
The Account Verification Email. Any email that asks you to verify your password, bank information or login credentials (or to update your account information) should be ignored. No legitimate vendor sends emails asking for this information; they will simply ask you upon logging in to update or verify your credentials if it is necessary.
The “Please Buy” or “Please Do” Email. A current email scam that is gaining traction (and has been very successful) is the spoofed email—an email that appears to be sent from someone you know but was actually created with a forged sender address. Such emails will ask that you perform a task like purchasing gift cards (or some other portable, generally untraceable currency or product) and sending them somewhere.
This scam uses traits of the Authority Email attack to prompt the victim into complying; in fact, recent attacks have included members of C-suite management in victims’ workplaces. There is usually a reason the victim cannot contact the claimed sender—for example, they’re on a plane, overseas, or in an important meeting and there is a tight deadline.
If you see this, ignore the friendly name and take a close look at the sender’s email address. You’ll probably see that it looks nothing like the address he or she normally uses.
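The check described above (ignore the friendly name and compare the address with the one that person normally uses), written in Python as an added example that is not part of the original article. The directory of known senders, the cue phrases and both sample messages are constructed assumptions.

```python
# Added example: all names, addresses and messages below are constructed.
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory: display name -> addresses that person really uses.
KNOWN_SENDERS = {
    "pat rivera": {"pat.rivera@example.com"},
}
# Request cues taken from the scam described above.
CUES = ("gift card", "urgent", "deadline", "in a meeting", "on a plane")


def check_message(raw):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name_key = " ".join(name.lower().split())  # normalise case and spacing
    addr = addr.lower()
    warnings = []
    known = KNOWN_SENDERS.get(name_key)
    if known is not None and addr not in known:
        warnings.append(f"display name '{name}' does not match address {addr}")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    hits = [c for c in CUES if c in text]
    if warnings and hits:  # cues only matter once the sender looks forged
        warnings.append("request cues: " + ", ".join(hits))
    return warnings


SPOOFED = """From: Pat Rivera <pat.rivera.ceo@mail.example.net>
To: sam@example.com
Subject: Urgent favor

I'm in a meeting and can't talk. Buy five gift cards before the deadline.
"""

GENUINE = """From: Pat  Rivera <Pat.Rivera@example.com>
To: sam@example.com
Subject: Lunch

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_message(raw))
```

A name that is not in the directory produces no warning here, so this only catches impersonation of people you have listed.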
The Zip File, PDF, Picture or Invoice Attachment, or Web Link. Unless you specifically know the sender and are expecting the attachment, never ever open an attachment. That includes PDFs, zip files, music and video files, and pictures of kids, grandkids or vacations.
You should also beware of anything referencing an unpaid invoice or accounting file. Many hackers use this to get people in accounting departments to open emails. Of course, any file can carry a virus. So it’s better to delete anything remotely questionable than be sorry.
However, don’t forget that an email doesn’t need an attachment to be a threat. Emails containing merely a weblink to somewhere else are just as dangerous and should be avoided.
Your technology solutions consultants at James Moore keep tabs on the latest email scams and other threats to your technology. Contact us today for a free network security assessment at your organization.