So this is the first step: take control of your emotions. Yes, it can be difficult if you work in a demanding field. But it’s your best first defense, and your employer will thank you for it (or, at least, they should).
Always Confirm Through a Second Channel
Now that you’re skeptically questioning the legitimacy of the urgent request, check to make sure the email is coming from the person it claims to be from. The best way to do this is to ask—just be careful.
“If you received an email like this, it’s important to pick up the phone and call the number you know to be legitimate,” says Larson, adding a caveat. “Do not rely on a phone number in the email itself—it will be owned by the threat actor.”
This is a crucial point: any contact information in the email itself is likely compromised, and sometimes cleverly so. Use the phone number you’ve already saved in your phone for the person in question, or look up the phone number on an official website or in an official company directory. This applies even if the number in the email looks correct, because some scammers will go through the trouble of getting a phone number that’s similar to that of the person they’re impersonating, all in the hopes that you’ll call that number instead of the real one.
“I’ve seen phone numbers off by two digits from the actual phone number,” says Tokazowski.
Call the person who supposedly emailed you—using a number you are 100 percent sure is real—and confirm the request is authentic. You could also use some other secure communication channel like Slack or Microsoft Teams, or, if they’re in the office, just ask them face to face. The point is to confirm any urgent request somewhere outside of the initial email. And even if the person is your boss or some other bigwig, do not worry about wasting their time.
“The person that is being impersonated would so much rather have someone take the time to confirm than to lose thousands or a million dollars in a malicious transaction,” says Larson.
Check the Email Address
Getting in touch with the supposed sender isn’t always an option. If not, there are a few tricks you can use to spot whether an email is real or fake. The first: check the email address and make sure it’s from a company domain.
“Always check the domains that you’re receiving emails from,” says Larson. Sometimes this will be obvious; your CEO likely isn’t emailing you from a Gmail account, for example. Sometimes it will be more subtle—fraudsters have been known to purchase domains that look similar to that of the company they’re attempting to defraud, all in the hopes of appearing legitimate.
It’s also worth checking to see if the email signature matches the address the email is coming from. “If you look in the footer, they’ll use the actual domain of the company to make it look legitimate, but that won’t match the email address,” says Larson. Just keep in mind that the difference might be subtle. “Lookalike domains are very common: someone will do a slight variation, like an ‘l’ instead of an ‘i’, to make it look legitimate.” One way to test that, if you’re suspicious, is to copy and paste the domain half of the address into a browser. If you don’t get a website, you’re probably dealing with a fake.
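The sender checks described above (free-mail account, lookalike domain, footer that does not match the address) can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original article; the company domain `widgetinc.example`, the free-mail list, and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # constructed sample list
# Fold characters commonly swapped in lookalike domains ('l' for 'i', etc.)
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

def domain_of(from_header):
    """Return the lower-cased domain half of a From header's address."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, company_domain, footer_domains=()):
    """Return a list of findings; an empty list means the domain matched."""
    sender = domain_of(from_header)
    company = company_domain.lower()
    if sender == company or sender.endswith("." + company):
        return []
    findings = []
    if sender in FREE_MAIL:
        findings.append("free-mail")
    elif (sender.translate(CONFUSABLE) == company.translate(CONFUSABLE)
          or edit_distance(sender, company) <= 2):
        findings.append("lookalike")
    else:
        findings.append("external")
    # Signature cites the real company domain while the address does not
    if any(f.lower() == company for f in footer_domains):
        findings.append("footer-mismatch")
    return findings

if __name__ == "__main__":
    # Constructed sample: 'l' in place of 'i' in the sender domain
    print(check_sender("Jane Doe <jane@wldgetinc.example>",
                       "widgetinc.example", ["widgetinc.example"]))
```

An empty result only means the visible domain matched; From headers can be forged, so the second-channel confirmation still applies to urgent requests.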


