Email attacks and scams continue to be a pervasive nuisance at best, or increasingly harmful to organizations at worst. While in general you should avoid sending any sensitive information via email, below are additional tips you and your employees can put into practice to better safeguard both personal information and your company. 

1. Hover your mouse over email senders or links to see if the URL or email address looks valid. If it doesn’t appear to match up with the sender or website it wants you to visit, don’t click on it or respond to it.
2. Don’t open an attachment unless you know who it is from and are expecting it. A virus in an attachment cannot affect your computer unless you actually open the document.
3. Exercise caution when asked to enable macros. Check with your IT team before enabling any macros if you are unsure about what they are doing.
4. Don’t log into an account via a link provided in an email. If you are being asked to log into an account, instead of clicking on the link provided, go to the site directly by typing the web address into your browser. Then log in from there.
5. Don’t give your email (or any other information) to sites you don’t trust. Only provide information on sites that you are familiar with, do business with, know are legitimate, and where you are comfortable with how they may use your information.  Even if just signing up for free newsletters on a site, be cautious as you don’t know where your information will end up.
6. Avoid using your work email for banking or shopping sites. They are primary targets for large hacking efforts. Using your work email can compromise your entire organization’s network.
7. Be suspicious of messages threatening to shut down your account or service. If you think it may be a legitimate message, call their phone number to discuss further with a real person.
8. Don’t click “unsubscribe” links or respond to suspicious messages. This just lets them know your email address is valid.
9. Reputable businesses should not ask for personal information via email. Never provide it if asked. Again, call the business to speak with a representative.
10. Update your anti-virus software regularly. In the workplace, this is typically handled by the IT department; however, it’s important for home computers to be protected as well.
11. Be password savvy. Use different passwords at work and at home, and, in either case, use strong passwords. Make sure they are complex, containing a combination of more than 10 characters, symbols and numbers, and avoid using common words such as “password” in your password.

Keep in mind many email hackers are sophisticated and even pay attention to what time of year it is, a.k.a tax time. During tax season you may see more emails that appear to be tax related, such as communications from the IRS. Exercise the same cautions as above and learn more in “Tax ID Scams Don’t End with Tax Season: Know What to Look for Throughout the Year.”
 
Please contact Dave Marcus, CIO at Cohen & Company at dmarcus@cohencpa.com for further discussion.
 
Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.