Report a Suspicious Email

Learn how to report an email you think is not valid.


Email Security Primer

What is email? Email is the equivalent of a postcard in the mail. Much like a postcard in the mail, email is not guaranteed to be private or secure in any capacity.

Email is NOT secure

You must assume:

  • Anybody can read anything you send or receive
    • Your email communications are not private. Assume email is like communicating by sticking postcards on the recipient’s door.

Email does NOT verify identity

You must assume:

  • Anybody can set any From address
    • Example: anybody can send you a postcard saying “From Your Uncle Bob, Please Send $50,000. It’s an emergency.”
  • Even if the From address is correct, you need to check the To address when you begin a reply.
    • Email has two reply targets and the sender controls both. If the sender sets a Reply-To field, then the From address is not the address where your reply goes. Verifying the From address alone is not enough to guarantee your reply will not be exfiltrated.
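
The Reply-To point above, as an added example that is not part of the original page: a Python sketch using the standard-library email package that works out where a reply would actually go and flags when that differs from the From address. The sample messages, the addresses in them and the function name reply_targets are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not real mail).
SAMPLE_MISMATCH = """\
From: Uncle Bob <bob@family.example>
Reply-To: Bob <bob.urgent@mailbox.invalid>
To: you@school.example
Subject: Emergency

Please send $50,000. It's an emergency.
"""

SAMPLE_PLAIN = """\
From: Uncle Bob <bob@family.example>
To: you@school.example
Subject: Lunch

See you Sunday.
"""


def _addresses(msg, header):
    """Return the lower-cased addresses found in every copy of a header."""
    values = msg.get_all(header, [])
    return [addr.lower() for _name, addr in getaddresses(values) if addr]


def reply_targets(raw):
    """Report where a reply to this message goes and whether it leaves From.

    This only compares two sender-controlled headers. A matching result does
    not prove the From address is genuine, since anybody can set any From.
    """
    msg = message_from_string(raw)
    from_addrs = _addresses(msg, "From")
    reply_to = _addresses(msg, "Reply-To")
    # Mail clients send the reply to Reply-To when present, otherwise to From.
    targets = reply_to or from_addrs
    diverted = [a for a in targets if a not in from_addrs]
    return {"from": from_addrs, "reply_goes_to": targets, "diverted": diverted}


if __name__ == "__main__":
    for label, raw in (("mismatch", SAMPLE_MISMATCH), ("plain", SAMPLE_PLAIN)):
        print(label, reply_targets(raw))
```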

Email is NOT confidential

You must assume:

  • Anything you send will be made public.
    • Have you seen someone reply-all by mistake? Ever received a confidential forward not intended for you? The only way to stop information leakage is to not send information in the first place.
    • Even if the From and Reply-To addresses are okay, assume the people you send to can (and will) re-forward your confidential message/attachment/data to unauthorized people by mistake.
    • Even if nobody accidentally publishes or forwards an email, your entire email database could be compromised, as we’ve seen with Sony, “Hacking” Team, and Syrian interests. Or maybe your organization falls under legal compliance/discovery and you end up needing to release your entire email archive to the public.
    • The only way data can be safe is to not send it over email in the first place. There are no takebacks when using email.

Report Suspicious Emails

Proofpoint Report Suspicious for Gmail is a tool that lets you report suspicious, spam, and malicious emails directly from the Gmail desktop browser interface or the Gmail mobile app. It is designed to help protect you from phishing attacks, which are deceptive attempts to steal your personal information such as passwords, credit card numbers, or sensitive data.

Email Security Best Practices

Before you act on any email, you must:

  • Verify the email
    • Is the email from who you think it’s from? Is it hacked? Is it spoofed?
  • Verify the request
    • Does the person asking for data/actions/help have permission to access what they are requesting?
  • Consider a reply
    • Does it make sense to reply? Should the request be going through other channels?