- Never Click Links or Open Attachments Without Verification: Be absolutely sure of the sender's legitimacy before taking action on an email. A moment of caution can save you hours, or even days, of potential recovery from a breach.
- Assess Language and Tone:
  - Does the email feel generic or automated?
  - Does the tone sound like the person you know?
  - Look for inconsistencies in grammar, spelling, or structure.
- Expect the Unexpected:
  - Were you expecting this email, link, or attachment?
  - If not, confirm with the sender through a known communication method—never use the reply button to validate a suspicious email.
- Be Suspicious of Urgent or Unusual Requests: Scammers often create a sense of urgency to bypass your better judgment. Take a moment to validate any high-priority requests.
Spotting the Difference: Bad vs. Good Emails
Example of a Bad Email:
From: Dan White [mailto:dan@runpcrunmail.com]
Sent: 4 December 2024 10:32
Subject: Shared Document via Google Drive
Access your file here:
http://random-link.com.ng/fake-url/index.htm
Google Drive: create, share, and keep all your stuff in one place.
Red Flags:
- No Personalisation: Generic tone with no specific references.
- Suspicious Links: Hover over the links: do they match the claimed source? In this case, the link is clearly not a Google Drive URL.
- Unexpected Email: If you’re not expecting a file or document, always treat the email with suspicion.
Example of a Good Email:
From: Dan White [mailto:dan@runpcrunmail.com]
Sent: 4 December 2024 10:32
Subject: Shared Document via Google Drive
Hi Tony,
As discussed regarding the Q4 project, here’s the updated spreadsheet. Let me know if you have any questions.
To access:
https://docs.google.com/spreadsheets/d/124F84niUWZuXNv2zHVGjwTcHc28nXjdH4fKRAmKXxGA
Google Drive: create, share, and keep all your stuff in one place.
Regards, Dan!
Dan White, runPCrun
Why It’s Likely Safe:
- Personalised Content: References specific projects or conversations.
- Legitimate Links: Links match Google’s domain and purpose.
- Expected Communication: The content matches your ongoing work.
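As an added example (not from the original article), the following Python script applies the link check behind the "Suspicious Links" red flag and the "Legitimate Links" point above to the two sample emails: it extracts each URL and tests whether its hostname genuinely belongs to the claimed service, using a dot-boundary comparison so that lookalike hosts such as a constructed drive.google.com.ng are rejected. The allowed-domain table and the sample bodies are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse

# Hostnames a genuine Google Drive share link may point to.
# Assumption for this example; extend per service as needed.
CLAIMED_SOURCE_DOMAINS = {
    "google drive": ("docs.google.com", "drive.google.com"),
}

URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def host_matches(host: str, allowed: str) -> bool:
    """True if host is exactly `allowed` or a subdomain of it.

    The dot boundary is the important part: 'drive.google.com.ng'
    and 'google.com.evil.net' contain the real name but must fail.
    """
    host = host.lower().rstrip(".")
    return host == allowed or host.endswith("." + allowed)


def check_links(body: str, claimed_source: str) -> list[tuple[str, bool]]:
    """Return (url, ok) for every link in the body.

    ok is True only when the link uses https AND its hostname belongs
    to the service the email claims to be from.
    """
    allowed = CLAIMED_SOURCE_DOMAINS[claimed_source.lower()]
    results = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        ok = parsed.scheme == "https" and any(host_matches(host, a) for a in allowed)
        results.append((url, ok))
    return results


# Constructed bodies taken from the two sample emails above.
BAD_BODY = "Access your file here:\nhttp://random-link.com.ng/fake-url/index.htm\n"
GOOD_BODY = ("To access:\nhttps://docs.google.com/spreadsheets/d/"
             "124F84niUWZuXNv2zHVGjwTcHc28nXjdH4fKRAmKXxGA\n")
# Constructed lookalike: real name embedded in a foreign domain.
LOOKALIKE_BODY = "https://drive.google.com.ng/file/d/abc\n"

if __name__ == "__main__":
    for label, body in (("bad", BAD_BODY), ("good", GOOD_BODY), ("lookalike", LOOKALIKE_BODY)):
        for url, ok in check_links(body, "Google Drive"):
            print(f"{label}: {'OK' if ok else 'MISMATCH'} {url}")
```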
Tools and Tips
To stay ahead of increasingly sophisticated attacks, consider these additional safeguards:
- Use Email Security Tools: Advanced tools such as AI-powered threat detection can identify phishing attempts in real time.
- Adopt Domain Protection Standards: Set up DMARC, DKIM, and SPF to prevent your email domain from being spoofed.
- Implement Zero-Trust Policies: Require authentication and verification for access to sensitive systems, regardless of user location.
- Train Employees Regularly: Ongoing training ensures staff are familiar with the latest phishing tactics, such as deepfake voice scams or AI-generated emails.
- Set Up Multi-Factor Authentication (MFA): Even if credentials are compromised, MFA adds an essential layer of security.
- Report Suspicious Emails: Ensure staff know how to report phishing emails internally so we can address potential threats swiftly.
By staying vigilant and following these updated best practices, you can significantly reduce the risk of falling victim to phishing attacks. When in doubt, remember: a moment of caution can prevent a major breach. Stay safe!