Email Security Best Practices 


  • Check the email ‘from’ field to validate the sender. This ‘from’ address may be spoofed.
  • Check for so-called ‘double extended’ scam attachments. A text file named ‘safe.txt’ is safe but a file called ‘safe.txt.exe’ is not.
  • Report all suspicious emails to your information technology help desk.
  • Note that and are two different domains. (and only the first one is real)

Do Not 


• I hover my mouse over a hyperlink that’s displayed in the email message, but
the link-to address is for a different website. (This is a big red flag.)

• I received an email that only has long hyperlinks with no further information,
and the rest of the email is completely blank.

• I received an email with a hyperlink that is a misspelling of a known web site. For
instance, — the “m” is really two characters — “r” and “n.”