Be Spoof-Proof

Recently, I received a spoofed email from a colleague. It looked like it was sent from someone in my organization, but in fact, it was sent from a different email address. As you can see below, there were a number of telltale signs of spoofing. Based on my understanding of it, this was an attempt to get me and other recipients to trust this email address so that it could later fill my inbox with spam advertising, capture my personal information or even impersonate me.

The lesson? Be suspicious of every email you receive.

1. Always review email message headers and check email addresses by hovering your mouse over the address. Do the same with links before clicking them.
2. Be wary of any email that expresses urgency.
3. Do not provide any confidential or personal information when requested to do so via email, particularly if you were not expecting to do so.

Lastly, the best protection against any unwanted access to your data is using strong passwords.

It continues to amaze me that every year the most commonly used passwords remain unchanged and include “123456,” “password,” “qwerty” and “admin.” If you are using one of those passwords, please stop now! Passwords must be strong and unique. You can test the strength of yours at howsecureismypassword.net.

When you use the same username and password for multiple services, if one service is compromised, then all of your services may be compromised. To check whether a service you’ve used has been compromised, go to Have I Been Pwned? If so, change your passwords associated that username and email.

The best way to create unique passwords for each service you use — and to remember those passwords — is with a password manager such as 1Password or LastPass.

This excerpt originally appeared at Attorney at Work.