Lesson 2. What do I do next?

Once you've identified a suspicious email or message, you and your teammate should ask: What happens if I simply delete this email? Keep that thought in the back of your mind as you verify the email itself.

You can copy and paste the email message into an online checker such as https://easydmarc.com/tools/phishing-url (bookmark this resource now!). This will “defang” the email and let you know if the email passes its scam & phishing tests.

If you're still unsure about the email, try contacting the sender! That's right, check with them. Use independent contact methods, and DO NOT use any contact information included in the suspicious email (for example, a phone number or link). Also, don't reply to the email!

Instead:

  • Look up the organization's phone number from their official website
  • Call them directly using a number you find independently
  • Log into your account by typing the URL directly (not clicking email links)
  • Visit a physical branch if applicable.

Ask them -

  • "Did you send me an email about [topic] today?"
  • "Is there an issue with my account?"
  • "Can you verify this request through your system?"

If all of these questions point to the email being a scam or a phishing email, then you've got your actions sorted - delete it! If the questions prove that the email is legitimate, then keep it! Either way you have positive, affirmative action.

I'm still not sure!

If you're still unsure, we'll go back to the original question we posed at the start of the lesson - What happens if I simply delete this email? Will it cause issues for you or the business if you simply delete the email and wait for the follow-up if it is actually legitimate?


Resources

Resource 1 - Test an email for Scamming-ness

Rate a Phishing Email

Resource 2 - VirusTotal

VirusTotal (https://www.virustotal.com) - Scan URLs and files

Resource 3 - PhishTank

PhishTank (https://phishtank.org) - Database of known phishing sites

Resource 4 - Google Safe Browsing

Google Safe Browsing (transparencyreport.google.com/safe-browsing/search)
