Question
How can you avoid malicious emails and websites?
Answer
Imagine that some red flags go off: your healthy skepticism kicks in and you think, you know what, this email might be a scam. It looks like it might be fake. What should you do? My first bit of advice is not to respond. Do not write them back and say, please remove me from this email list. That only confirms to the attacker that the email works and that you read it, so do not respond. Number two: instead of just clicking delete, report that message as spam or phishing, either to your security staff at your employer or in your healthcare setting. Some email providers have a built-in button for this. For example, in Office 365, you can say, I would like to report this as spam. The nice benefit of that is that you help protect everybody who got that message, because it teaches the system: it tells Microsoft this is a fake message, and they can start to block it for other users.
Another way to prevent getting these kinds of messages is to limit how many times you give away your email address. Every time you fill out a form or register for a conference, every time you give away your email address, is another opportunity, not only for annoying marketing, but also for your email address to fall into the hands of scammers. Use care with the number of people that you give your email to. As I mentioned, be skeptical about the links and attachments you get, and spend a little extra time deciding whether you believe a message to be legitimate before you open them.
The answer is not to open the attachment and then decide; by then it is too late. You have to decide before you open it. As I mentioned, having layered protection is an excellent way to give you backup confidence that a cybersecurity mechanism can protect you even if something goes wrong. In addition to your healthy skepticism, antivirus software that is always running on your computer is another mechanism to detect that something has gone wrong.
What about scam websites? If you were browsing the internet and believe you have landed on a site that seems suspicious, what should you do? My best advice here is to digitally walk away: close that tab and go somewhere else. Do not even stay on that website if it seems shady.
If you believe that you have submitted a form with information like your password, that happens. There are still things that you can do, and the world has not ended. The first thing to do is to change that password for the legitimate site. If you went to a site that looks like your email, and then you got suspicious afterward, immediately go and change your email password. You do not want the attacker to be able to use it, even if they captured it accidentally. The last thing is, if you even visit a site that seems a little bit suspicious, make sure to scan your computer for viruses. There is minimal cost to that. The antivirus should be running all the time and should be updated, but you can often manually click a button that says, please scan it right now.
This Ask the Expert is an edited excerpt from the course, Everyday Cybersecurity Best Practices for Respiratory Therapy, presented by Josiah Dykstra, PhD.