Unit 2: Reading e-mails or other messages
Our e-mail addresses and social network profiles are exposed, making us recipients of messages from third parties who may not always have good intentions. Individuals with malicious intent often disguise harmful links or attachments within the messages we receive. Another strategy they employ is involving us in unlikely events that, by chance, concern us, but require secrecy. To grab our attention and deter us from calmly inspecting the message or request, these messages usually have a profound impact, whether remarkably good or terribly bad. They aim to stimulate our curiosity and demand a quick response from us. Clicking on such links or opening attachments can lead to the silent installation of malware on our device, rendering us vulnerable to harmful actions from that point forward.
Practical example
While checking their e-mail, Pat comes across a message supposedly from the company’s IT department. The e-mail claims that the e-mail quota has been exceeded, and immediate action is required, which involves following a provided link. What should Pat do?
The safest course of action is to take a step back and reflect on the situation, even if the message demands immediate action. Pat should ask themselves the following questions:
- Is this situation likely? In this story, was the mailbox quota already near full? Have other colleagues or Pat themselves received similar messages from the IT department before? If not, before clicking the link, is it possible to contact the sender through an alternate channel, such as a phone call or instant messaging, to confirm that the message is legitimate?
- Do the sender’s e-mail address and the link to be clicked both belong exactly to the company’s domain? If not, Pat can and should, without taking any further action, send the message to the IT department for confirmation. If the message is indeed legitimate, the sender will provide further clarification, replying from an official e-mail address.
- Does the message follow the communication norms of the company, such as greetings and logos, and is it free of typos? If it departs from those norms or contains typos, this is often a sign that the sender is a third party attempting to mimic the organization’s communication style.
In the case of even the slightest doubt, Pat should request confirmation from the IT department. Truly urgent issues are relatively rare, and typically, no further harm occurs if one takes 15 minutes or more to ensure the request’s legitimacy. It’s better to be safe than sorry, and after clicking on a harmful link or attachment, it can be too late to secure oneself.
Always remember that institutions have established protocols to protect themselves in specific user situations, whether it’s the IT department of your company, your savings bank, or your country’s tax system. Therefore, it’s unlikely that any institution would require immediate actions from you. Messages of this nature are most likely from third parties attempting to obtain sensitive information about you.
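The second question above, whether the sender's address and the link are exactly from the company's domain, can also be checked mechanically. The following is an added example, not part of the original unit; the company domain example-corp.test and the sample message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "example-corp.test"  # assumed company domain (placeholder)

def is_company_host(host, trusted=TRUSTED):
    """True only for the trusted domain itself or a true subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def sender_host(from_header):
    """Domain of the real address, ignoring the free-text display name."""
    _, addr = parseaddr(from_header or "")
    return addr.rpartition("@")[2].lower()

def link_hosts(text):
    """Host name of every http(s) link found in the message body."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return [urlsplit(u).hostname or "" for u in urls]

def review(raw_message, trusted=TRUSTED):
    """Return a list of reasons to confirm with IT before clicking."""
    msg = message_from_string(raw_message)
    findings = []
    host = sender_host(msg.get("From"))
    if not is_company_host(host, trusted):
        findings.append(f"sender domain is {host!r}, not {trusted!r}")
    for host in link_hosts(msg.get_payload()):
        if not is_company_host(host, trusted):
            findings.append(f"link points to {host!r}, not {trusted!r}")
    return findings

# Constructed sample: the display name and the start of the host name mention
# the company, but neither the address nor the first link is in its domain.
SAMPLE = (
    "From: IT Department <helpdesk@example-corp.test.mail-quota.example>\n"
    "Subject: Mailbox quota exceeded\n"
    "\n"
    "Your quota is exceeded. Act now:\n"
    "https://example-corp.test.mail-quota.example/login\n"
    "Policy: https://intranet.example-corp.test/mail\n"
)

if __name__ == "__main__":
    for reason in review(SAMPLE):
        print("CHECK:", reason)
```

A check that only looks for the company name somewhere in the address or link would accept this sample; comparing the end of the host name against the full domain does not.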