Begin by taking charge of your feelings. Although challenging in a demanding profession, this serves as your primary defense, and your employer will appreciate your composure (or they ought to).
Always Verify Using an Alternative Channel
Once you have started to doubt the credibility of the urgent plea, confirm that the email really originates from the claimed sender. The most effective way to do this is to verify the request with that person, but tread cautiously.
“If you find yourself in receipt of such an email, it is crucial to dial the known legitimate number,” as suggested by Larson, with a word of caution. “Never trust the contact number provided in the email—it is likely controlled by the malicious actor.”
This is the critical point: any contact details within the email are probably compromised, occasionally in a sophisticated manner. Reach out using the phone number saved on your device for the individual in question, or locate the number on an official site or directory. This principle applies even if the displayed number seems accurate, as scammers might go the extra mile to secure a number similar to that of the person being impersonated, hoping you will call it instead of the authentic one.
“I’ve observed cases where phone numbers differed by only a few digits from the genuine one,” notes Tokazowski.
Contact the individual who allegedly sent the email, using a verified number, and confirm that the request is genuine. Alternatively, use a secure communication channel like Slack or Microsoft Teams, or, if feasible, approach them in person. The objective is to corroborate any urgent appeal through a channel other than the initial email. Even if the individual is a senior figure, do not hesitate to double-check.
“The individual being impersonated would undeniably prefer verification over the risk of incurring financial losses through a fraudulent transaction,” Larson emphasizes.
Inspect the Email Address
In certain cases, reaching the supposed sender may not be feasible. In such instances, there are several techniques to discern the authenticity of an email. To start, scrutinize the email address to confirm it is authentic and uses the company domain.
“Always scrutinize the domains from which you receive emails,” Larson advises. It might be apparent at times; for instance, your CEO is unlikely to email you from a Gmail account. However, at times it could be more nuanced—scammers have been known to acquire domains resembling those of the targeted company to appear legitimate.
Additionally, cross-reference the email signature with the sender’s address. “The footer typically contains the company’s authentic domain to establish legitimacy, but this might not match the email address,” explains Larson. Look closely for subtle differences. “Imitation domains are prevalent: variations like replacing an ‘i’ with an ‘l’ make it seem legitimate.” To check a suspicion, paste the domain part of the address into a browser. If a website does not load, it is likely a counterfeit.
