Email has become an essential tool for the day-to-day business. Thus, in our company e-mail account we request and receive a lot of information related to the work we do. This trend towards the digital world is causing that correspondence we received on paper to have been replaced by e-mail. One of the reasons this has happened is for ecological reasons, and the other, because the reception of the message is almost instantaneous. In this tutorial we are going to talk about how to combat fake emails in my company and how to protect ourselves from this threat.
Most of the security and information advice that we are going to offer will be of use to you both for work in your company and for private life. In this sense, cybercriminals, to obtain benefits, attack both companies and individuals, being able to use the same techniques on many occasions.
Fake emails in my company: why we should pay attention to them
The moment an email reaches an employee, they must be vigilant because it can be dangerous. In case of not paying enough care, we could suffer any of these threats:
- A Phishing attack
- Our computer can end up infected with malware, a computer worm, viruses, and more.
Therefore, when a message arrives in the worker’s email inbox, the worker should be alert. Cybercriminals are going to try to take advantage of your flaws and lack of security knowledge to profit. In this sense, you have to pay close attention because they can contain phishing, spam, malware and more. Thus, cybercriminals to capture the attention of victims use mail with striking subjects such as a raffle or a prize.
The number of email accounts of the workers
We must combat false emails in our company because they can be very dangerous. In this sense, an important factor is the number of accounts handled by our employee . For security reasons, it is obviously not good to use a single email account for everything. In this case, we mean that, for convenience, you use the same account for both work and private life.
The reasons are several, one that due to misuse of the worker’s free time / private life can end up harming the company. The other would be that having independent accounts would only affect one of the two facets, labor or private.
In this sense, employees, as a number of email accounts, should have:
- An email account exclusively for work.
- An e-mail for personal life (family relationships, friends, online banking and online shopping).
- Another to receive offers, request information and other situations that we do not see clearly. This can prevent us from spamming our main email accounts.
To avoid fake emails in my company, we must use our work email account with common sense. To the extent possible, they should be used to keep in touch with trusted people in our organizations and with those of others we do business with. We must think carefully about who we send an email to the first time and make the necessary inquiries.
A good practice can also be when you send emails to several recipients to use the blind copy option . Thus, you better preserve their privacy and also end up being a victim of Spam.
The protection of my company’s email accounts
A company handles and makes requests for confidential information between its own workers and those of other organizations with which it does business. Sometimes, false emails can be received in our company with the intention of stealing access to the email accounts of the employees of a company. If the attack is successful, we will have a significant loss of classified information, in addition to a loss of company reputation that can be difficult to recover.
For that reason, before something happens, you have to take action. One of them is that our first line of defense is constituted by a strong password . This password or password must be at least 12 characters long, and contain uppercase, lowercase, numbers and symbols. Another question that we must also do is change our passwords periodically .
Regardless of that, we can improve security with multi-factor authentication . In the hypothetical case that our password was stolen, they would not be able to access it until, for example, we entered an access code generated with the Google Authenticator app that we would have installed on our smartphone. That is one of the several ways that we could use in a Google account.
Finally, the password issue should avoid the use of joint email accounts in which many people know the password. On many occasions, the appropriate security measures are not taken or the password is changed.
Fake emails and clues to distinguish them
We can receive false emails both in our company accounts or on a personal level, we are all exposed to receiving them. Therefore, when we receive an email we must be prudent, cautious and pay attention to the details. One way to detect it is to look closely at the subject of the email . In that sense, we have to look at the language, if it is a language that is not common to those of the e-mail we receive for work, we must be suspicious. Also, when the subject contains spelling mistakes you should be suspicious.
Also, when it comes to an unknown sender , you have to be very careful. Here’s an example:
In most cases it is spam or junk mail . They are a waste of time for the worker having to erase them and many times it generates stress.
However, on other occasions we encounter greater threats. One of them is Phishing attacks that aim to steal a user’s credentials and passwords. Usually it is a link to a false web page that pretends to be legitimate and in it users have to enter their data. Ultimately, that username and password information ends up in the hands of cybercriminals. Some details to detect Phising attacks are:
- They play with time and urgency.
- They have a text that is badly written or with misspellings.
- Checking that the URL corresponds to the legitimate one.
In the fake emails in my company another of the most important dangers comes from the improper download of attachments . These downloads could introduce malware, viruses or computer worms that could infect a computer. On the other hand, there is also the Ransomware that can encrypt our files to ask for a ransom later. Not to mention that sometimes these threats can spread through the company’s local network to other computers.
How to protect yourself from fake emails in my company
Some workers are aware of the dangers that can occur if emails are not used properly, such as a Phishing attack.
Unfortunately, many others are unaware of them and a large majority would not know how to act if they had to face this problem. We must deal with false emails in my company by providing our employees with adequate training and tools. In this sense, what must be provided to workers are courses with which they can effectively face a real threat.
Thus, they can work with Phishing simulators to prepare for this type of attack. Also use awareness educators to have cyber security training, and additionally use email threat simulators . We must not forget either to have a good backup policy and a contingency plan in the event of a security breach.
In short, fake emails in my company can cause serious financial damage to the survival of our organization. For this reason, we must provide continuous training to our employees and take the necessary security measures.