Email Security Guidelines
As part of our ongoing efforts to ensure the security of our company’s information, we would like to share some key recommendations on how to protect yourself against common email threats. The security of our data depends greatly on the vigilance and good practices of everyone who uses our digital communication systems.
Common Email Threats
Phishing:
● Description: Phishing involves malicious attempts to obtain sensitive information (such as passwords or bank details) by pretending to be a trusted entity.
● How to detect it: Be cautious of emails containing suspicious links, requests for sensitive information, or those coming from unusual email addresses. Always verify the sender and check the domain (e.g., @pharmamt.co instead of @pharmamt.com).
Domain Spoofing:
● Description: Domain spoofing occurs when an attacker forges the sender’s email address to make it appear as if it comes from a trusted domain, such as ours. This can trick recipients into believing the email is legitimate.
● How to detect it: Pay close attention to the full email address, especially the domain. Attackers may use similar-looking domains to confuse recipients, such as @pharma-mt.com instead of @pharmamt.com. Be aware of small variations in domain names and of characters that look similar, such as an “l” used in place of an “i”, or an added “-”.
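The domain check described under Phishing and Domain Spoofing, written out as an added example (not part of the original guideline or of any company tooling). The function names, the confusable-character set and the distance threshold are assumptions, and the sample addresses are constructed.

```python
TRUSTED_DOMAIN = "pharmamt.com"  # the legitimate domain named in this guideline

# Assumed, minimal set of characters that are easily mistaken for each other.
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o"})


def sender_domain(address):
    """Return the lowercased domain of 'user@domain' or 'Name <user@domain>'."""
    return address.rsplit("@", 1)[-1].strip(" >").lower()


def skeleton(domain):
    """Drop hyphens and fold confusable characters so look-alikes compare equal."""
    return domain.replace("-", "").translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(address, trusted=TRUSTED_DOMAIN):
    """Return 'trusted', 'lookalike' or 'other' for a sender address."""
    domain = sender_domain(address)
    if domain == trusted:  # assumption: only the exact domain counts as trusted
        return "trusted"
    # Near-identical after folding: catches @pharmamt.co, @pharma-mt.com, l/i swaps.
    if edit_distance(skeleton(domain), skeleton(trusted)) <= 1:
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ("user@pharmamt.com", "it@pharmamt.co",
                   "IT Team <it@pharma-mt.com>", "news@vendor.example"):
        print(f"{sender:32} {classify(sender)}")
```

An address that forges the exact trusted domain is classified as trusted here; that case is left to the mail platform's sender authentication (SPF, DKIM, DMARC).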
Malware:
● Description: Malware is malicious software that may be attached to emails, designed to damage or gain access to computer systems.
● How to detect it: Avoid opening email attachments from unsolicited emails or unknown senders. Check the file type of attachments; for instance, files with extensions like .exe, .zip, or even .docm (documents with enabled macros) are particularly suspicious.
Spam:
● Description: Spam refers to unsolicited emails that, while often harmless, can clutter our inboxes and, in some cases, contain malicious links.
● How to detect it: Look for generic emails offering products, services, or promotions. Use Microsoft platform tools to report these emails as spam.
Best Practices for Email Security
1. Verify Links:
Before clicking on a link in an email, hover over the link (without clicking) to see the full URL. If the address doesn’t match what you expect or seems suspicious, do not click.
2. Confirm the Sender:
Even if the email appears legitimate, if it asks for sensitive information, contact the sender by another means (such as a phone call) to confirm they actually sent the email.
3. Use Strong Passwords and 2FA:
Ensure you use strong, unique passwords for your corporate email accounts and enable two-factor authentication (2FA) on your Microsoft accounts for added security.
4. Do Not Share Confidential Information:
Never share passwords, personal information, or confidential data via email, especially in response to unsolicited emails.
How to Act on a Possible Threat
If you receive an email that you believe could be malicious:
● Do not reply to the email.
● Do not click on any links or download any attachments.
● Report the email using the tools available in Microsoft Outlook to flag suspicious emails.
● Immediately notify the IT team of the incident so we can take appropriate action.
Resources and Assistance
For more details on identifying and handling security threats, you can contact the IT team directly at jmolina@pharmamt.com.
Security is everyone’s responsibility, and with your cooperation, we can better protect our information and maintain the integrity of our systems.