The internet can be scary, but emails are the scariest. Email is the #1 way hackers are able to get into your small business’ network. Unsurprisingly, people are much easier to trick than security systems like firewalls and anti-virus. If you aren’t extremely vigilant about your email inbox, you could be in for a nasty malware surprise.

Here are the 6 scariest emails you should never, ever open.

Confirm Your Account/Unusual login activity

You use the Internet to log into multiple important websites every day. Likely, you do your banking online. You may pay your bills online. You shop online. And of course, we all have social media accounts. BUT, you should never open emails suggesting a password change or an account confirmation. Instead, delete the email, and then log into the appropriate website. You can change your password directly in Facebook instead of clicking on a link in an email that may infect your computer. If the email is from your bank, give them a call and verify the message is legitimate (it’s probably not - banks will call you if they discover unusual account activity).

You Missed a Delivery

UPS and Amazon are both big favorites of hackers who want to target small businesses. If you receive an email from UPS, USPS, Amazon, etc claiming that you missed a delivery - don’t open it. Especially don’t click on anything. Log into your various mailing accounts and review your tracking activity. Are you even expecting a delivery? It’s also very easy to pick up the phone and give the company a call and verify that a package was unable to be delivered.

Your Account has been Locked

It probably hasn’t been. If you get an email like this one, be very very careful not to click any button to unlock your account (whether it’s Facebook or LinkedIn or Chase). Instead, use the same method as I mentioned in the first of the scary emails: try logging into the account directly from a new window. It’s probably not locked at all. In the event that it is, give the company a call and ask about the next steps you can take.

Unexpected Refunds or Payments

Don’t fall for this one, either! Think about it - how likely is it that you are owed a refund for something you hadn’t even thought about? Why are you being paid for something you’re not sure you did? Instead, call up the sender of these sorts of emails to verify their legitimacy. Do not open any attachments claiming to be payments or refund vouchers. Delete the email. If you’re actually owed that money, the sender won’t mind sending it a second time.

Resume Attached/Invoice Attached

So, you’ve received a resume in your inbox. Ask yourself - why am I getting this email? Is my company hiring? Am I the correct person to receive a resume? Is there any email content that indicates who the resume belongs to? Best case - you delete an email from an honest person trying to get a job, and in that case, you can call them to verify the email. Worst case - it’s a ransomware virus and you lose everything.

CEO Fraud

We’ve saved the best (worst?) for last. Emails from your CEO that aren’t really from your CEO. This is called ‘spoofing’, and it’s becoming more and more common. If the email seems strange, don’t open it. If there’s a link inside the email, don’t click it. Does the email make sense or is it simply asking you to fill out an unidentified form? If you’re not sure, contact your boss about it. He’ll likely be relieved to find out his email is being spoofed and you didn’t fall for it. Urge him to contact your IT support about the issue, though, since once an email gets spoofed, it can be used over and over again by the hacker until that avenue is closed.

How well do you think you’ll remember these specific rules in a couple weeks when you’re going through your inbox uncaffeinated? What about your employees? The good news is - people can be trained! A little knowledge can go a long way. If you’d like to sign up for security awareness training, let us know. It could save you thousands.