IT Help Desk Portal

717-214-0976
Login Sign up

Protect Yourself from Email Spoofing

Modified on: Mon, Oct 24 2022 9:18 PM


 

Tip 1: Don’t trust the display name

 

A favorite phishing tactic among cybercriminals is to spoof the display name of an email account. For example, see the image above.  An email is coming from “Mark Adams” but upon a closer look, the actual email address is hacker@gmail.com.

 

This requires us, as employees, to remain vigilant and on the look out for potential spoofing.  On a computer, we can hover the cursor over a display name to see the actual email address.  On a mobile device, it may require us to fully expand the message information.   

 

 

Tip 2: Look but don’t click

 

Cybercriminals love to embed malicious links in legitimate-sounding copy. Hover your mouse over any links you find embedded in the body of your email. If the link address looks weird, don’t click on it. If you have any reservations about the link, use the Phish Alert Report in Microsoft Outlook.

 

 

Tip 3: Check for spelling mistakes

 

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

 

 

Tip 4: Analyze the salutation

 

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

 

 

Tip 5: Don’t give up personal or company confidential information

 

Most companies will never ask for personal credentials via email--especially banks. Likewise, most companies will have policies in place preventing external communications of business IP. Stop yourself before revealing any confidential information over email.

 

 

Tip 6: Beware of urgent or threatening language in the subject line

 

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or ask you to action an “urgent payment request.”

 

 

Tip 7: Review the signature

 

Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. Check for them!


Was this answer helpful?