By Carol Holzgrafe

While attending a meeting of the Morgan Hill branch board earlier this month, we were treated to a short and valuable lesson in email cybersecurity by Michelle Robleto, a new member who works in that area. While some of these things may be familiar to you (I hope so), it is always good to have a refresher.

1. Always check the email address (at the top), not just the name. If the address shown does not agree with the one you are familiar with, STOP. Send to Trash/Spam and block if you can.
2. If a message, even from a familiar name, sounds odd for any reason: STOP. Do not reply. Especially if it asks for money, gift cards etc.
3. Ask yourself: Am I expecting this message? Would she/he/they send such a message?
4. Never, ever open an attachment in a suspected message. It could cause you unlimited trouble.
5. If you are unsure, send a separate message to the known sender, include the message (take a screenshot if you can or copy the text), and ask if the message is real. If not, they will be happy to know that they have been hacked. Well, not actually happy but, then they can notify friends not to open the suspected message.
6. Addresses/websites beginning with https:// are more secure (that’s what the “s” means). Addresses/websites beginning with http:// are less secure.
7. QR codes: Before scanning, make sure the code has not been tampered with, e.g. having another code taped over it:
   • Make sure it is from a legitimate source (an example would be when the restaurant wait staff gave you a QR code to use for their menu). 
   • Lastly, try not to use QR codes that require you to enter payment information. Ideally you would be able to go directly to the website versus scanning a code. Example: San Francisco has a parking website to go to or the option to scan a code. It’s easier to tamper with a QR code and modify it than it is to add a whole new website to parking signs.