Which of these emails looks legitimate to you?
The difference is small, but the one on the right is legitimate. The “from” address gives it away: the one on the left is from instantink.hpsmarrt.com, with two “r” characters together in “smart”.
There are other ways to question this email:
- Is this from a service I have used in the past?
- Do I still use this service?
- Is that model printer the model I have or once used?
But assuming all those things are true, how do you know to check this in every email? That would be exhausting.
Use the website directly instead of clicking a link
Tip: when in doubt, go check manually
If even for a second you thought, “I don’t often get emails from this service, but I have used it before,” you can skip the risk by just going to the service’s website directly.
In this case, you could visit HP’s website in your browser, log in, and check your account without ever clicking the links in the email.
This same strategy works for your bank, PayPal, and any other service that routinely handles sensitive information. PayPal is a common email scam target because so many people have an account and use it relatively infrequently, and because PayPal has historically had simple, easy-to-recreate email designs that don’t trigger suspicion.
Want more? Check out the rest of this email security series.
Does your team need some cybersecurity help?
VPC can conduct onsite, interactive, tabletop, and virtual cybersecurity training and audits that go beyond email security.
We’ve worked with the Midwest’s largest governments, enterprises, and healthcare providers to audit, protect, and train organizations to react and respond to malware, ransomware, cybersecurity, and more.