No one is immune from receiving phishing emails, even we receive dozens per week. Often, they seem to come from a known email address (they’re not – the From: address is forged). With spear phishing, the email message is specifically written for you so that it seems familiar enough to trick you into trusting the content. The ultimate goal of these authors is to have you execute some action (e.g. click a link, run an app, call a phone number, etc.) – after which it is often game over. Unfortunately, if they are really good (and we’ve seen some amazingly scary examples) it is extremely hard for the common user to tell if an email can be trusted or not.

To help combat this, we digitally sign all our emails. When receiving an email from us in Outlook, to the left of the email subject you will see a Digital Certificate icon like the one pictured to the right. (To me it looks like a “First Place” county fair ribbon.) That icon tells you the email was sent with a digital certificate, but that’s not the end of the story. You then need to look in the email or preview pane to view the header information. If the same certificate icon is in the lower right section of the email header, then you’re good to go!

It also ensures all emails you receive from SpotLink are secure and the contents have not been tampered with, so you can therefore trust what’s inside. However, if you see a yellow triangle with an exclamation point in the middle and a red line across the bottom of the header:

That symbol indicates it’s untrusted, and you should be cautious of the contents.

Again, if you use Outlook and receive an email from us that does not have the Digital Certificate symbol next to it, or the certificate is untrusted, please treat it with skepticism. Call us to confirm if you have any doubts. (An untrusted certificate will also happen if the cloud certificate server is not accessible, so it doesn’t necessarily mean that the email is fraudulent.)

Unfortunately, Digital Email Certificates are not universally supported. Most webmail sources (Yahoo, Hotmail, Gmail) don’t recognize the certificates and instead you’ll see a smime.p7s attachment. (Just because it has a .p7s attachment, does not mean you can assume the email has a certificate. The email could be forged and still have a .p7s attachment.) In this case, use normal caution when acting on the email.

Digital Email certificates are not 100% foolproof. They generally don’t require as much validation and verification as other types of high security digital certificates. Still, an email from a known acquaintance with a digital certificate has a dramatically lower chance of being fraudulent or malicious. It is another protective layer in a robust multi-layer security strategy.

Of course, we are available 24/7 at +1-855-SPOTLINK or [email protected] to provide professional assistance if needed.