Watch your domain extensions (Who REALLY is this email from?) | Hinshaw & Culbertson LLP


Risk management issue

How can you tell whether an email is genuine when it appears to come from a company’s own email system, notifies the recipient that their information has expired or needs to be updated, and asks the recipient to click a link to update that information?

The problem

Recently, several lawyers and secretaries at a law firm received an email purportedly from the firm’s “email system” claiming that the recipient’s email was out of date and asking the recipient to click on a box to update their email.

The email was malicious, and there were a few telltale signs that the message was fake. The company’s email addresses are not outdated; only passwords can expire, and the firm’s system was set up to alert attorneys and firm employees that their password was due to expire several weeks before expiration. Also, the company did not have an “email system”, and the email was designated as an “external email” by the company’s server.

But the real giveaway was the email sender’s domain extension. The sender of the email in this case was located in Germany, which you can tell from the sender’s domain extension: .de is the domain extension used in Germany.

Risk Management Solutions

  • Always check the domain extension of the sender of an email. If you scroll too quickly, you may think the extension is .com when it’s actually .cn, indicating that the email is from China. Beware of anything that does not end in .com, .gov, .us, .law or a state domain extension such as .az (for Arizona). Here is a list of foreign domain extensions to check if you ever don’t recognize an extension:

  • Configure your email system so that emails from outside the company are labeled as “External Emails” and instruct employees to be suspicious of all external emails. In the example above, if the email really came from an internal “mail system”, it would not have been designated as an “external email”.

  • Send suspicious emails to your company inbox for evaluation and company-wide blocking of the sender(s).

  • As always, if you receive an email out of the blue, never click on a link or attachment. Also, if you receive an email from someone you know, but it contains an attachment you did not expect to receive, call the sender to confirm that it is from the sender and not from a hacker.
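
The sender checks from the list above, as an added Python example (not code from the article or the firm): it flags external senders, extensions outside the set the article treats as expected, and an internal-sounding display name on an external address. `ORG_DOMAIN`, the keyword list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the organisation's own domain and the
# display-name keywords that suggest an internal system notice.
ORG_DOMAIN = "examplefirm.com"
EXPECTED_TLDS = {"com", "gov", "us", "law"}  # extensions the article treats as expected
INTERNAL_KEYWORDS = ("email system", "mail system", "it support", "helpdesk")


def sender_flags(raw_message: str) -> list[str]:
    """Return the warning flags raised by the From header of a raw message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ["UNPARSEABLE_SENDER"]
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    tld = domain.rsplit(".", 1)[-1]

    flags = []
    # External means neither the organisation's domain nor one of its subdomains.
    external = domain != ORG_DOMAIN and not domain.endswith("." + ORG_DOMAIN)
    if external:
        flags.append("EXTERNAL")
    if tld not in EXPECTED_TLDS:
        flags.append(f"UNEXPECTED_EXTENSION:.{tld}")
    # An external sender whose display name claims to be an internal system.
    if external and any(k in display_name.lower() for k in INTERNAL_KEYWORDS):
        flags.append("INTERNAL_NAME_ON_EXTERNAL_SENDER")
    return flags


# Constructed sample messages, modelled on the incident described above.
SAMPLE_PHISH = (
    'From: "Email System" <notice@mailer.example.de>\n'
    "To: attorney@examplefirm.com\n"
    "Subject: Your email is out of date\n\n"
    "Click the box below to update your email.\n"
)
SAMPLE_INTERNAL = (
    "From: IT Support <helpdesk@examplefirm.com>\n"
    "To: attorney@examplefirm.com\n"
    "Subject: Password expires in 3 weeks\n\n"
    "Your password is due to expire.\n"
)

if __name__ == "__main__":
    print(sender_flags(SAMPLE_PHISH))
    print(sender_flags(SAMPLE_INTERNAL))
```

The From header is set by the sender, so these flags are a triage aid for suspicious messages, not proof of where an email came from.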

Remember, let’s be careful out there.

