Email Security Best Practices 

Always

• Check the email ‘from’ field to validate the sender. This ‘from’ address may be spoofed.
• Check for so-called ‘double extended’ scam attachments. A text file named ‘safe.txt’ is safe but a file called ‘safe.txt.exe’ is not.
• Report all suspicious emails to your information technology help desk.
• Note that www.microsoft.com and www.support.microsoft.software.com are two different domains. (and only the first one is real)

Do Not 

HYPERLINKS:

• I hover my mouse over a hyperlink that’s displayed in the email message, but
the link-to address is for a different website. (This is a big red flag.)

• I received an email that only has long hyperlinks with no further information,
and the rest of the email is completely blank.

• I received an email with a hyperlink that is a misspelling of a known web site. For
instance, www.bankofarnerica.com — the “m” is really two characters — “r” and “n.”