Cybercriminals often pretend to be clients, suppliers, or even a colleague. Don’t rely on the display name alone, check the full email address carefully. Look out for unusual spellings, extra characters, or domains that don’t match the organisation they claim to be from. If something feels off, pause and double‑check before responding.
Attackers frequently impersonate internal staff to request gift cards, payments, or sensitive information. If something seems out of character or rushed, stop and verify before taking any action.
If you’re unsure whether an email is genuine, don’t rely on “reply”, that might go straight back to a scammer. Instead, call the person, message them on a known platform, or if they’re in the building ask them directly.
Scammers rely on a sense of urgency. Be cautious of messages saying things like “Pay this invoice now!” or “Your account will be closed!”. You can hover over links to preview where they really lead. If the URL looks strange or unexpected, don’t click. If the email claims to be from a service you use, manually type the website address or use your saved bookmarks.
Unexpected invoices, resumes, or documents are a common way malware spreads. Ask yourself: Was I expecting this? Does it look legitimate? If not, delete it or confirm with the sender using a separate method of communication.
Many file types — such as .exe, .zip, .iso, .js, .scr, and macro‑enabled Office files — are commonly used to deliver malware. Modern email systems allow you to automatically block or quarantine these high‑risk attachments before they ever reach your inbox. Enabling attachment filtering significantly reduces the risk of someone accidentally opening something harmful. If you need to exchange these file types for legitimate reasons, do it securely through approved cloud‑sharing tools rather than email.
MFA adds an extra layer of protection to keep attackers out, even if your password is compromised. A quick code from your phone or authenticator app can stop most account‑takeover attempts. It’s simple to enable and one of the most effective ways to secure your email.
You’re not alone, and we’re here to help! If you’ve entered information on a suspicious site, downloaded a file, or see emails sent from your account that you didn’t send, contact us immediately. The sooner we know, the more we can do to contain and reduce any damage.