Email Security Tips for IT Admins

Let’s say you’re pretty certain the email you just received is legitimate, and it has an attachment included with the email that you want to open. You need to scan the attachment first.

Your computer has an antivirus scanner on it. (Or, if it doesn’t, go yell at your IT administrator for falling down on the job.) Odds are, you can right-click on any email attachment before you download it, or at least before you open it, and there will be an option to use your security scanner to check if the attachment is safe.

Email attachments are the easiest way for hackers to infect your computer—and your company—with malicious software. Always scan email attachments before you open them—even in emails from people you know.

Just because that email appears to be from your sales manager John Doe, that doesn’t mean it’s really from him. Hackers can “spoof” email addresses to make them look like they came from someone else. Hackers could also have hacked John’s email account and are using it to send dangerous attachments. Or—and this is very common—John could simply be a lot less careful than you are and he is unknowingly passing around an infected attachment, putting everyone else at risk.

A wise man once said trust, but verify. No matter who sent you an email attachment, scan it before you open it. It’s always better to be safe than sorry.

Verify Links in Emails Before You Click Them

Just like email attachments, links in emails need to be checked before you open them. Websites can be “spoofed” just as easily as email addresses, but fake websites are also much easier to notice if you know what to look for.

Let’s say, for example, someone sent you a link to a news story from The Chicago Tribune. First, you need to make sure the link actually points to The Chicago Tribune. If the sender formatted the email to hide the link—or example, you need to click some text like click here or check this out—you should check to see what the actual web address is before you click on the link.

If you hover your cursor over the linked text and wait a moment, most mail programs or web browsers will show a small pop-up—either directly over the link or at the bottom of the screen—which tells what web address the link is pointing to. Always check your links before you click on them!

In our example, the web address should include chicagotribune.com somewhere inside the link. There should be no text or symbols between chicagotribune and .com. Hackers often confuse their victims by creating web addresses that look like real websites, but are actually part of a different site altogether.

For example, hackers might create a fake website called newssource.com and then make it look like The Chicago Tribune by creating a web address like chicagotribune. newssource.com. At first glance, it looks like you’re going to the Tribune’s web site, but you’re actually going somewhere on newssource. com.

Even if the web address is fully spelled out in the body of the email—for example, it says http://www. chicagotribune.com—hover over the link to be sure it’s actually going to chicagotribune.com. Often times, it isn’t. If a link points somewhere other than where it should, or the address looks unusual, don’t click on the link. When it comes to email security, it’s better to be safe than sorry.