Handling emails from unknown senders creates risk for the university. While these emails may be phishing or spam, sometimes they are legitimate. If your position requires you to respond to an unknown sender, it's crucial to exercise caution.
Should you respond?
If you work in a role that requires interaction with unknown senders, you must weigh the personal and institutional risks of responding to the sender vs. ignoring the email.
Some risks in responding to unknown senders:
- It confirms that your email account is active and watched by a human. That invites future phishing attempts from the same sender.
- It may invite more emails from other unknown senders.
- It invites further interaction and increases the risks inherent in email communications.
- It opens the door for social engineering attempts.
- It lowers your resistance to questionable content because it changes the context of the original email.
Best practices for responding to unknown senders:
- Don't forward emails from unknown senders to another person in the university. Receiving a forwarded email adds a layer of authenticity that can trick your fellow employees.
- Centre your approach. Identify the user's wants and don't deviate from the original request.
- Follow your department's procedures for verifying the sender's identity. Identifying people by address and name alone is usually impossible. Rely on your department's policies for identifying employees, students and vendors. You may need to use an alternate method to contact the sender.
- Follow your department's standards for responding to unknown senders. By way of their nature, some departments get legitimate contact from outside sources.
- Avoid clicking on links. Only click links or attachments within the email if you know they are legitimate. Hover over links to preview the URL and ensure it matches the purported destination.
- Follow your department's policies for sharing confidential information. Just as you'd never share your personal information, passwords, SIN or account numbers through email, never share VIU's confidential information with unknown senders.
- Trust Your Instincts. If something about the email feels off or raises doubts, trust your instincts and err on caution. It's better to be safe than sorry.