Preventing and reporting phishing attacks
At Egress Software Technologies, we always strive to provide the highest levels of security and keep your data safe at all times. This page provides information on how to recognise and report potential email phishing attacks.
Phishing emails are designed to convince you into either handing over potentially sensitive information or downloading malicious software on to your machine. Some sophisticated phishing emails may be designed to look like they are from Egress.
Cyber criminals also use social engineering techniques to convince you to provide personal information like your Egress ID or install malicious software under false pretences. They might email you, call you on the phone, or convince you to download something from a website.
What does a phishing email look like?
Phishing emails are designed to look as real as possible, and to the untrained eye can look more or less identical to an email from a trusted sender such as a bank or a social media platform.
If you find the following features in an email from a seemingly reliable sender, it is often a hint that the email is a phishing attack:
- Incorrect spelling and grammar
- Name in the email address not matching the user details in the email body
- An email received from an unknown sender or email address
- An unexpected change to the look/ layout of an email
Web links in emails
Egress can be setup in a number of ways, but the standard way can involve the use of web links to provide zero footprint access to end users. Nonetheless, it is good practice to be wary of links in emails. If you see a link in a suspicious email message DO NOT click on it. Instead, hover your mouse over the link to see if the address matches the link displayed or if possible, open the site in another window instead of clicking the link in your email. All Egress links will go to the Egress domain of egress.com.
Some customers who use Egress Secure Email may use branded email notification with their logo on it. If you receive a branded email and it is different to what you normally see, this could be a sign of an attempted phishing attempt. If unsure, you should contact the sender to gain further clarification on the authenticity of the message.
Here are two examples of what a secure email notification from Egress looks like:
In a legitimate Egress notification email:
- The sender (‘User’) name is shown, together with their email address
- The copyright notice in the footer has a commencing year (e.g. from 2007 onwards)
- The link points to a valid egress address with a valid SSL certificate (typically https://reader.egress.com/xxxxx)
How to spot phishing phone calls
Also known as voice phishing or ‘vishing’, criminals may contact you posing as Egress Support services. They may invent a story such as your account being compromised to convince you to hand over sensitive information like answers to your security questions or billing details.
Some things to look out for:
- A call from a number not listed on our website
- Requests to download software not from egress.com/downloads
- Requesting user account passwords – Egress staff will never ask you for this
If in doubt, hang-up and call Egress Support back on the number provided at https://www.egress.com/support/contact-support where one of the Egress Support team will assist.
Reporting phishing emails and calls
If you believe you have received a fake secure email or are unsure about its authenticity, you can email firstname.lastname@example.org with a copy of the secure email message and it will be investigated. Egress will ascertain if the message is a genuine or fake secure email.
If you have mistakenly clicked on a suspect link and entered potentially sensitive information on a non-genuine Egress website, you should change your password immediately. If suspect messages have been sent or received from your Egress account, please contact Egress Support for further help.
What to do if you've fallen for a phish
If you’ve realised that you’ve fallen victim of a phishing scam, you should immediately change the password on your Egress account, as well as any other accounts that use the same or similar emails and passwords. You should also run an anti-virus scan on your device in order to clear your machine of any malware that might’ve got onto your system too.
Egress Secure Mail users should be vigilant and adhere to the following guidance when using the service:
- Always verify the authenticity of any email you receive via Egress Secure Mail; if in doubt, please contact the sender for verification
- Do not provide your password or other sensitive information if requested to do so in an email or via phone. Reputable businesses and organisations will never issue such a request
- Do not share your Egress ID or password with anyone
- Do not use the same password for your Egress ID and other accounts and always use a strong and complex password
- Ensure that you have antivirus / malware protection on your machine and that it is up-to-date with the latest definitions
- After following a link in an email, ensure it is pointing to the correct URL: https://reader.egress.com/ or https://switch.egress.com
- Egress will never contact you and ask you to disclose your password by email or telephone
- Always check that any pages or links are HTTPS and that the green shield is visible within your browser to verify authenticity (a genuine certificate)
- Be wary of messages that contain threats of loss of service or a sense of urgency. These are likely to be fake and not sent from Egress
- Be wary of messages that are badly written, contain spelling mistakes or poor grammar
If you have any doubts or see anything suspicious, please contact us.