Resourceful Finance Pro

2 minute read

Prevent cyberattacks by sharing this email cyber security checklist with your team

Brian Bingaman
by Brian Bingaman

Hackers love attacking via email because of how easy it is to do. That’s why an ounce of email cyber security can prevent a ton of fraud mitigation.

It’s critical that all employees who accesses email on your company servers be armed with the following knowledge to prevent email cyberattacks before they end up costing your organization big bucks to fix.

Although these “red flags” identified by security software company KnowBe4 may seem like common sense, staffers could forget about keeping email cybersecurity top-of-mind if they spot something in their inbox that looks like it needs immediate attention.

Sketchy senders

Signs of an attempted cyberattack can sometimes get missed because they’re hiding in the “From” field of an email:

  • Sender addresses that don’t belong to someone you know or ordinarily communicate with
  • The message isn’t related to your job responsibilities
  • The message is from someone you haven’t communicated with recently and includes an embedded hyperlink or an attachment
  • Sender addresses with a suspicious-looking domain, such as @micorsoft-support.com, or
  • The sender’s a co-worker, customer, vendor or partner, but the email’s tone seems out of character (a sign of a social engineering attack).

Email cyber security & the ‘To’ field

If you aren’t the only recipient of the message, watch out for:

  • people/addresses cc’d on the email you don’t recognize, or
  • an email sent to an unusual mix of people, such as a random group of people at your company whose last names start with the same letter.

Taking extra caution with links

Your company email cyber security protocols need to kick in immediately if:

  • hovering your mouse over a link displayed in an email reveals the link-to address is for a different website than what the links claims to be
  • the email only has long hyperlinks with no further information, and the rest of the email is completely blank, or
  • a hyperlink has a misspelling of a known website. Here’s a sneaky one – www.bankofarnerica.com. The “m” is really two characters – “r” and “n.”

Other quick email cyber security checks

To be on the safe side, flag these as suspicious:

How Not to Wreck Your Reconciliations
  • A time stamp way outside of business hours
  • Subject lines that don’t match the message content, and
  • A message that’s a reply to something you never sent or requested.
Brian Bingaman
Brian Bingaman
Brian researches and writes about accounts payable and CFO management trends. He was a newspaper journalist in suburban Philadelphia for nearly 20 years.