Here is a guide for employees about what to do with suspicious emails.
What to do with Suspicious Emails
1. Do not click on any links in the email.
Suppose you receive an email with links, do not click on it. Do not even click on the email itself. Forward the email to your supervisor or someone in management. If you are not sure what to do, call the company’s IT department for advice.
If you are using a work computer, don’t worry about infecting the computer. Any malware installed will be detected by the company’s Anti-Virus software or by IT staff.
2. Do not reply to the email
Do not reply to the email and do not open any attachments. Just forward them to your supervisor or IT department and delete them from your computer immediately.
When you do reply, you are acknowledging the email. This means that the attacker will know that you have received the email. The attacker may then do a variety of things, including sending you a follow-up email again, but this time with a link to a malicious website.
3. Do not click any links in emails from persons you do not know
If you receive an email from an unknown person, do not click any links or open any attachments or reply to the message. Simply delete or forward it to your supervisor or the company’s IT department.
If you are using a company computer, don’t worry about infecting your computer. Any malware installed will be detected by the company’s Anti-Virus software or by IT staff. However, if you are using a personal computer, you should scan your computer for malware immediately.
When using a company computer, do not open any attachments or reply to the message. Forward it to the company’s IT department and delete it from your computer.
4. If you receive a suspicious email, do not click on any links or open any attachments.
Do not reply to the email and do not open any attachments. Just forward them to your supervisor or IT department and delete them from your computer immediately.
Issue a memo to all employees about what to do with suspicious emails and ask all employees to forward any suspicious emails to management or IT staff. If you are using a company computer, don’t worry about infecting your computer. Any malware installed will be detected by the company’s Anti-Virus software or by IT staff.
However, if you are using a personal computer, you should scan your computer for malware immediately.
Follow these steps, for example:
- Delete the suspicious email and any attachments without clicking on anything or replying to the message
- Scan your computer for malware
- Forward the email and any attachments to management or company IT staff (if you can’t delete them, try forwarding them as an attachment).
The Email is not from an Internal Source
If you receive an email that claims to be from someone inside the company but is not, then it’s likely that it’s a phishing email. Check the email address again, look for typos and misspellings, and verify whether it is a valid address at the company. In addition, if you have any doubt about whether it is legitimate, call the sender of the message on the phone.
If you have sent an email to a customer and want to send another reminder, use a BCC (Blind Carbon Copy) instead of CC (Carbon Copy). The BCC feature allows you to send a copy of an email message that does not show up in the recipient’s inbox. This helps prevent information overload for customers who receive multiple messages from various people at once via one email account.
