When using a work-related email account, your company likely has anti-spam and anti-virus software in place to protect you from email viruses. However, these software apps cannot prevent all malicious email, and some malicious threats come from the internet.

Some malicious threats include:

- Trojan horses

- Viruses

- Worms

- Spyware

- Phishing

- Ransomware

Besides using unique, strong passwords and 2FA for each of your email and user accounts, here are some of the most important things you can do to protect yourself from malicious email.

• Always keep your computer’s anti-virus software and browser software up-to-date. These applications are updated or patched frequently to address new threats.

Do not, ever:

- Open an email from an unknown address.

- Click a link in an email unless you expected someone to send it.

- Open an attachment unless you were expecting it or it was from an unquestionably trusted source. Scan any attachment before you open it!

Most of us already follow these basic email safety rules, so why repeat them? Hacking of email accounts is so common that almost every day you can expect an email from someone you know that was sent as a result of a hack.So, even if you recognize the From address, you should not automatically trust the content in the email.

Here are two specific examples of malicious emails that you might believe are real:

1. Spoofs: These are emails with a forged “From” address.Maybe you receive an email from your company CEO or doctor’s office requesting some type of personal data. Anytime an email requests personal data, assume it is malicious.Contact the sender via another method to confirm the request before sending anything like passwords, account numbers, credit card information, etc.

2. Hacks: A Yahoo! account was recently hacked, and everyone in the user’s contacts received this email:

[Malicious link]. Isn’t it incredible? I am totally impressed!

The text following the link looks like something the user would send to friends. Luckily, no one clicked the link, but some unsuspecting users might have.


Not all malicious threats come from email–many are from the internet, instant messages (IMs) and file-sharing sites. 

Here are some best practices to follow:

• Be careful and selective about what you download to your computer from the internet.

• Read licensing agreements carefully.

• Do not click on internet ads.

• Do not open or accept suspicious error messages in your browser.

• Do not click on IM links from users you do not know or if they are otherwise suspicious.

Doing any of the above actions can result in software downloads to your computer, and these downloads are often malicious.