To: All Employees
Subject: Email Safety Tip
So far this year, there has been a drastic increase in the number of phishing and social engineering incidents being reported by organizations in the United States. These attacks are often sponsored by criminal organizations, and attempt to compromise account login information for sensitive systems or compromise the systems themselves. The goal is to extract data about our customers and our business, which is then sold or used to commit fraud. We need to be extra diligent in order to protect our customers and our organization from these attacks.
You can accomplish this by following a simple rule:
When an email asks you to call a number, follow a link, open an attachment, or perform any other similar activity, validate the message before acting on it!
Examples of how to apply this rule:
- Check links for validity before clicking on them by hovering the mouse pointer over them.
- Ask IT before saving or opening an attachment that you were not expecting to receive, even if it seems to be a “safe” file type (hint: there are no safe file types).
- If it’s a strange email but claims to be from someone that you are familiar with, call them on the phone. It’s possible that their email account has been compromised by a third party, or that a third party is attempting to impersonate them.
- If an email instructs you to modify system settings, such as enabling macros or disabling security features, report this to the IT department immediately. Under NO CIRCUMSTANCES should you ever attempt to configure your system based on what someone outside of the IT department says. All configuration changes to systems must undergo thorough review and testing by the IT department.
Finally, if you just aren’t entirely sure if an email is legitimate or not, please contact the IT department and we will be happy to review it with you.
Your IT department staff