Be wary about emails that "just don't sound right"

Barbara Eastman

3/26/2021

This is a blog post that I wrote a few years ago, but the topic continues to plague our community, and has actually gotten worse lately – "impersonated" emails that, frankly, just don't sound right. No one from the conference or district offices is going to ask you to go out and buy something for them and reimburse you the next day. If you get a message from any of us asking you to do something that we wouldn't normally ask you to do, please give us a call. Staff phone numbers are listed here: https://www.nyac.com/conferencestaff

Other email issues that crop up on a regular basis:

"Spoofing" emails that folks have been getting from what appear to be nyac email addresses or from other institutions which vaguely appear legitimate. These are probably "phishing" attempts — spoofed emails that arrive with links to banks, credit card companies, etc. that go to a forged Web site. (Full definitions are listed at the bottom of this message.)

I realize that getting a spoofed email from what appears to be a colleague or your bank is sometimes disconcerting. There is not a lot anyone can do about blocking these emails. 

If you receive an email from what appears to be a legitimate email address, but the content looks suspicious:

  • If it comes from someone you don't know, just delete it.
  • If the person is a colleague, business contact, friend or family member, call them (or walk to their desk) and ask if the message is legitimate.

NEVER click on a link or open an attachment in a suspicious email — you will open yourself up to identity theft and open up your computer to viruses, Trojan horses, etc. If you get an email from your bank, credit card company, or other companies with whom you have an online account asking you to log in and update your information, don't click on the link. Go directly to their Web site through your browser and see if there's a message about a need for updated info. That's the only safe way to manage this.

When you get a spoofed email, just delete it and think about how fortunate we are to have email in the first place — warts and all!

 

Definitions:

Spoofing — An email with the "sender" address appearing to be someone it's not.

Defined by Wikipedia:
Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because core SMTP doesn't provide any authentication, it is easy to impersonate and forge emails.

Although there may be legitimate reasons to spoof an address, these techniques are commonly used in spam and phishing emails to hide the origin of the email message.
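For readers who want to see what "altered headers" look like in practice, here is an added example (not part of the original post) that reads a message's headers and lists the inconsistencies that often accompany a forged sender address. The sample message, its addresses other than the nyac.com domain, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From is an nyac.com address, but the
# bounce address, the reply address and the receiving server's checks disagree.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=nyac.com
From: "Conference Office" <staff@nyac.com>
Reply-To: <conference.office@freemail.example>
To: <pastor@example.org>
Subject: Quick favor

Can you buy something for me today? I will reimburse you tomorrow.
"""


def domain(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def spoofing_signs(raw):
    """List header inconsistencies that suggest the From address is forged."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    signs = []
    # Replies and bounces going to a different domain than the visible sender.
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            signs.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server. Only trust this header
    # when it was added by your own mail provider.
    results = (msg["Authentication-Results"] or "").lower()
    for part in (p.strip() for p in results.split(";")):
        for check in ("spf", "dkim", "dmarc"):
            if part.startswith(check + "=") and not part.startswith(check + "=pass"):
                verdict = part.split()[0].split("=")[1]
                signs.append(f"{check} result is {verdict}")
    return signs


if __name__ == "__main__":
    for sign in spoofing_signs(SAMPLE):
        print(sign)
```

A mismatch is a reason to call the sender, not proof of forgery: legitimate mailing services often use their own bounce address.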
 

Phishing — Spoofed emails that arrive with links to banks, credit card companies, etc. that go to a forged Web site.

Defined by Wikipedia:
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.

Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.