When you receive an email from someone you know or an organization with whom you have been doing business, your defenses are usually down. You have known this person for a long time or you have been dealing with that company for years. Maybe it is a brand that elicits trust: Microsoft, Amazon, Apple, Verizon, etc.
However, are you sure that the person who sent that email is indeed who you think it is? Is it really Sally whom you have talked to, whose son plays high school basketball and is preparing for graduation? Poor Sally sure is gonna miss him when he heads off to college. She says in her email that she needs you to resend your company’s account info for an internal audit they’re undergoing and you know she’s been stressed about it.
Are you sure that the alert email came from Amazon? It says an order was placed on your account for 5 new iPhone 13s and they are checking to be sure it was you who ordered them before they charge your credit card. That’s great that Amazon knows your buying habits and is trying to protect you. The email provides a link for you to easily click on and enter your credentials to submit a response that you did NOT order those phones and to make sure they do not charge your credit card on file. Whew! That was a close one.
You can sleep well tonight. You helped Sally through her company audit. She’s dealing with the stress of an empty nest and this audit must be really tough for her. You’re glad you could help her out. She is a nice lady. And thank goodness the folks at Amazon are watching out for you. The charge for 5 new iPhones would have probably maxed out your credit card and you would never have known until you got the bill – and no iPhones.
Except you don’t sleep well because you have nightmares. When you wake up in the morning you realize it was not a dream. You suddenly get a sick feeling that something may not be right. As soon as you get to the office, you call Sally. That email was not from her. Then who did you send your company’s account information to? While your company CISO and her security team are tracking that down, you step outside and call Amazon to ask about that charge they emailed you about. Your stomach sinks again when they tell you that there was no charge and that they did not send that email. However, there have been some new charges this morning. But you know it wasn’t you.
The moral of the story is you never know who is on the other end of an email. Phishing emails that come from people or companies you have never heard of or worked with before are easy to spot as fake. However, the toughest ones are those that pretend to be someone you know or trust.
Don’t be afraid to double-check. Call Sally when you get an email asking for information that would be harmful to your company if you sent it to someone other than her. If you need to log in to a site as a result of an email, don’t trust the link they send you. Go to the site the way you usually would. Use the app you always use.
We have become so accustomed to the convenience of text messaging, emails, and all things automation that we allow ourselves to be tricked into becoming victims. Take that extra minute. In the long run, it can save you many hours, money, trouble, and maybe even your job.