ASUS Business Hub

According to Statista, people send 293.6 billion emails per day – it’s hard to conceptualise just how many messages that is – and that figure is only set to grow. By 2023, Statista expects that number to rise to 347.3 billion emails per day. That’s a lot of communication, and not all of it is well-intentioned. It’s likely your staff each has at least one email address for business use. Many people also have a personal email address, and perhaps even more – shared addresses for projects, a Gmail account, and so on. In each email contains the possibility for your business to receive a virus, an intrusion, or for staff to unknowingly hand over sensitive business information that could land you in hot water – legally, financially, ethically. Therefore, it’s important both you and those you work with understand how to stay safe as email communication evolves and grows. From phishing emails to suspicious attachments, we’ll cover what to look out for and how to know which emails are safe and which aren’t.

Types of Emails to Be Aware Of

There are multiple email types that all have a different purpose in getting something from your business, whether it’s information or money. Here are the five most common: Ransomware: Ransomware emails will tell you your system is infected, and unless you send them money, your system will be locked down, files will be deleted, and so on. In all likelihood, there is no infection or intrusion into your systems, and these emails can safely be ignored. It’s always best to check with your IT department however, to ensure this is the case. Phishing: Phishing emails look authentic, making you or your staff believe they’re from a reliable source; in reality, these emails are designed to obtain sensitive data like passwords. While they often look believable, taking some time to read them will uncover spelling errors, inconsistencies, or strange formatting. One of the simplest ways to check is hovering over any links included in the email (ensuring not to click them); while the link might for example, say “Google”, hovering over it reveals the real address. Spoofing: Similar to phishing, spoofing emails hide their real sender address, in order to convince you you’re receiving an email from someone else. It’s easy to spot these by checking the sender address box; expand the box fully using the arrow or plus symbol, and you’ll likely find a very suspicious-looking email address. Whaling: Whaling is a type of phishing, targeting executives and people in positions of authority or responsibility. Often looking official, these emails are targeted towards individuals rather than phishing email’s more general approach. These emails will often ask individuals to make payments or for items to be purchased and sent. The easiest protection against these types of emails is to ignore the email, and check directly with the supposed sender. For example, if it looks like your manager has asked you to send a payment, visit them in person to confirm the email (and its request) is really from them. Baiting: Baiting emails tempt the recipient with the promise of something valuable, instead getting the recipient to divulge sensitive information or hand over money and other valuables. Common sense prevails in this scenario: if it sounds too good to be true, it very likely is.

How to Prevent Email Attacks

Start by educating your staff. While it’s likely a primary concern for your business to prevent suspicious emails and the consequences that might follow, it probably isn’t the first thing on your colleague’s minds. Teach others about the types of emails mentioned above and how to protect against them. Knowing is half the battle, and makes such emails easy to spot going forward. Have your colleagues ask themselves these questions when receiving an email:

1. Does the sender’s address look correct? (Check the full address bar, some of which may be hidden).
2. Are the links correct? (Hover over them to check where they really lead).
3. Does the email look correct? Are there any formatting issues, spelling errors, weird language used?
4. Does it sound too good to be true?
5. Were you expecting this email?

You can always test your staff, sending them a fake email or two from time to time, and see how they respond. It’s common practice in IT environments to constantly test your security, ensuring there are no holes in the fence so to speak, and it’s a lesson worth implementing here too. Speaking of the IT environment, have your IT staff set up strong filters to prevent most of the easiest-to-catch suspicious emails. Between strong IT protection and a well-learned staff guarding against such emails, your business should avoid the worst the flurry of emails has to offer!