Tag: email

Source: IOL

Security researchers have found that phishing emails are more likely to originate from certain countries in parts of Eastern Europe, Central America, the Middle East, and Africa.

The country where emails originate and the number of countries they are routed through on the way to their final destination offer important warning signs of phishing attacks.

For the study, researchers at cloud-enabled security solutions provider Barracuda Networks teamed up with Columbia University researchers.

They examined the geolocation and network infrastructure across more than two billion emails, including 218,000 phishing emails sent in the month of January 2020.

In phishing attacks, attackers use social engineering tactics to lure victims into providing personal information such as usernames, passwords, credit card numbers, or banking information.

Thus, to detect the same, the entire focus should be on the content of phishing emails and the behaviour of attackers.

As phishing attacks become more complex, increasingly sophisticated methods are required to defend against them.

After analysing the geography of phishing emails and how they are being routed, Barracuda researchers identified that over 80 per cent of benign emails are routed through two or fewer countries, while just over 60 per cent of phishing emails are routed through two or fewer countries.

Senders that produce a higher volume of phishing emails (more than 1,000 emails in the dataset) with a higher probability of phishing originated from countries or territories including (in descending order) Lithuania, Latvia, Serbia, Ukraine, Russia, Bahamas, Puerto Rico, Colombia, Iran, Palestine and Kazakhstan, said the study.

These are some of the territories from where senders produce a higher volume of phishing emails with a higher probability of phishing.

“With phishing attacks expected to play a dominant role in the digital threat landscape and cybercriminals adjusting their tactics to bypass email gateways and spam filters, it’s crucial to have a solution that detects and protects against spear-phishing attacks, including brand impersonation, business email compromise, and email account takeover,” Murali Urs, Country Manager of Barracuda India, said in a statement.

“Deploy a solution that doesn’t rely on malicious links or attachments but uses machine learning to analyse normal communication patterns within an organisation to spot anomalies that may indicate an attack.”

Meanwhile, employees should be provided up-to-date awareness training for recognising attacks and knowing how to report them to IT right away, Barracuda Networks said.

 

Large-scale spam outbreak causes email delay

Source: MyBroadband

Xneelo has informed users that it is experiencing a large-scale spam outbreak that is resulting in e-mail being delayed.

Many Xneelo subscribers have been experiencing delays when sending emails to external recipients.

Some users have also received messages that the IP address they are attempting to send the email from is on the Spamhaus blacklist.

“You will receive the following error when attempting to send an email: 550 Spamhaus (-53): retry time not reached for any host,” Xneelo said.

The company said its engineers have rolled out a change that should resolve the error being encountered.

Source: Talk of the Town

The SA Social Security Agency (Sassa) has warned the public not to be duped by a fake e-mail doing its rounds in which an “official” calls for people to contact its offices regarding a tender for the three-year supply of food parcels in the Free State.

Sassa spokesperson Sandy Godlwana told TimesLIVE that the agency was concerned that members of the public “will find themselves having to pay money with the hope that they will get the tender, where this is fake and a scam”.

The fake correspondence has been sent in the name of Sassa regional executive manager Themba Matlou.

“This misinformation is devoid of truth and is tantamount to causing chaos and anarchy which may lead to unrest and the undesirable consequence of damage to government property,” said Matlou in a statement issued on Monday night.

“The process to appoint service providers has just started and is only an evaluation process. Successful bidders will be duly contacted through proper channels at an appropriate time.

“The agency warns all bidders against this scam and any other bid where people purport to take money claiming they are from Sassa.

“The social relief programme is intended to assist to meet basic needs of indigent persons by means of rendering temporary and immediate material assistance in response to a crisis.We are working around the clock to ensure that suitable service providers are appointed in line with Sassa supply chain prescripts,” he said.

By Tom McKay for Gizmodo 

Facebook has been prompting some users registering for the first time to hand over the passwords to their email accounts, the Daily Beast reported on Tuesday—a practice that blares right past questionable and into “beyond sketchy” territory, security consultant Jake Williams told the Beast.

A Twitter account using the handle @originalesushi first posted an image of the screen several days ago, in which new users are told they can confirm their third-party email addresses “automatically” by giving Facebook their login credentials. The Beast wrote that the prompt appeared to trigger under circumstances where Facebook might think a sign-up attempt is “suspicious,” and confirmed it on their end by “using a disposable webmail address and connecting through a VPN in Romania.”

It is never, ever advisable for a user to give out their email password to anyone, except possibly to a 100 percent verified account administrator when no other option exists (which there should be). Email accounts tend to be primary gateways into the rest of the web, because a valid one is usually necessary to register accounts on everything from banks and financial institutions to social media accounts and porn sites. They obviously also contain copies of every un-deleted message ever sent to or from that address, as well as additional information like contact lists. It is for this reason that email password requests are one of the most obvious hallmarks of a phishing scam.

“That’s beyond sketchy,” Williams told the Beast. “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”

“This is basically indistinguishable to a phishing attack,” Electronic Frontier Foundation security researcher Bennett Cyphers told Business Insider. “This is bad on so many levels. It’s an absurd overreach by Facebook and a sleazy attempt to trick people to upload data about their contacts to Facebook as the price of signing up … No company should ever be asking people for credentials like this, and you shouldn’t trust anyone that does.”

A Facebook spokesperson confirmed in a statement to Gizmodo that this screen appears for some users signing up for the first time, though the company wrote, “These passwords are not stored by Facebook.” It additionally characterized the number of users it asks for email passwords as “very small.” Those presented with the screen were signing up on desktop while using email addresses that did not support OAuth—an open standard for allowing third parties authenticated access to assets (such as for the purpose of verifying identities) without sharing login credentials. OAuth is typically a standard feature of major email providers.

Facebook noted in the statement that those users presented with this screen could opt out of sharing passwords and use another verification method such as email or phone. The company also said it would be ending the practice of asking for email passwords.

“People can always choose instead to confirm their account with a code sent to their phone or a link sent to their email,” the spokesperson wrote. “That said, we understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.”

However, those other options could only be reached by clicking the “Need help?” button seen in the above screenshot, which is not an obvious manner of communicating that there are other options.

Business Insider found that signing up for an account using this method additionally prompts users that Facebook is “importing contacts” without asking for permission, though it was not “immediately clear if this tool actually imports these contacts”:

Business Insider has also found that if a new user chooses to enter their e-mail account password into Facebook, a pop-up appears saying that Facebook is “importing contacts” — despite not asking the user for permission to do so. It is not immediately clear if this tool actually imports these contacts, as it apparently didn’t pull in contact list entries we made for the purposes of testing, though these contacts were only minutes-old.

Reached over phone, a Facebook spokesperson confirmed that handing over email login credentials has been “offered for years” and that the “The intent of this option was simply to confirm the account.” The spokesperson said they did not know whether Facebook had accessed any data in accounts it obtained passwords to—such as contact lists, which it uses to fuel features like its People You May Know system—but would follow up with an answer. (We’ll update this article if we hear back.)

While Facebook said that it did not store the passwords, it has also used ostensible security features such as two-factor authentication as a pretext to spam users’ phones with text messages and wrangle up phone numbers for targeted advertising. Facebook has also in the past issued contradictory statements about what kind of data it collects (such as call data and app usage on its Portal video phones), launched pseudo-VPN apps that vacuumed up user data, and seemingly obfuscated how users could control whether it obtains call and text data. Late last month, news leaked it stored hundreds of millions of users’ passwords in plaintext.

By Adam Grant for The New York Times 

Whether you’re a devout practitioner of “inbox-zero” or a functional e-mail hoarder, you probably have some sort of professional philosophy on e-mail. But is there an optimal approach?

Yes, we’re all overwhelmed with email. One recent survey suggested that the average American’s inbox has 199 unread messages. But volume isn’t an excuse for not replying. Ignoring email is an act of incivility.

“I’m too busy to answer your email” really means “Your email is not a priority for me right now.” That’s a popular justification for neglecting your inbox: It’s full of other people’s priorities. But there’s a growing body of evidence that if you care about being good at your job, your inbox should be a priority.

When researchers compiled a huge database of the digital habits of teams at Microsoft, they found that the clearest warning sign of an ineffective manager was being slow to answer emails. Responding in a timely manner shows that you are conscientious — organized, dependable and hardworking. And that matters. In a comprehensive analysis of people in hundreds of occupations, conscientiousness was the single best personality predictor of job performance. (It turns out that people who are rude online tend to be rude offline, too.)

I’m not saying you have to answer every email. Your brain is not just sitting there waiting to be picked. If senders aren’t considerate enough to do their homework and ask a question you’re qualified to answer, you don’t owe them anything back.

How do you know if an email you’ve received — or even more important, one you’re considering writing — doesn’t deserve a response? After all, sending an inappropriate email can be as rude as ignoring a polite one.

I have a few general rules. You should not feel obliged to respond to strangers asking you to share their content on social media, introduce them to your more famous colleagues, spend hours advising them on something they’ve created or “jump on a call this afternoon.” If someone you barely know emails you a dozen times a month and is always asking you to do something for him, you can ignore those emails guilt-free.

Along these lines, the last time I made the mistake of admitting in this newspaper that I believe in being responsive to emails, I got a deluge of messages. One reader even wrote, “I just wanted to test you, to find out if it’s true.” So this time, let me be clear: I’m not writing this article as a personal note to your inbox, so it doesn’t require a personal reply to mine.

We all need to set boundaries. People shouldn’t be forced to answer endless emails outside work hours — which is why some companies have policies against checking emails on nights and weekends. Some people I know tell their colleagues they’ll be on email from 9 to 10 a.m. and 2 to 3 p.m. each day, but not in between. If it’s not an emergency, no one should expect you to respond right away.

Spending hours a day answering emails can stand in the way of getting other things done. One recent study shows that on days when managers face heavy email demands, they make less progress toward their goals and end up being less proactive in communicating their vision and setting expectations.

But that same study shows that email load takes a toll only if it’s not central to your job. And let’s face it: These days email is central to most jobs. What we really need to do is to make email something we think carefully about before sending, and therefore feel genuinely bad ignoring.

Whatever boundaries you choose, don’t abandon your inbox altogether. Not answering emails today is like refusing to take phone calls in the 1990s or ignoring letters in the 1950s. Email is not household clutter and you’re not Marie Kondo. Ping!

Your inbox isn’t just a list of other people’s tasks. It’s where other people help you do your job. It allows you to pose questions with a few keystrokes instead of spending the whole day on the phone, and it’s vital to gathering information that you can’t easily find in a Google search.

“My inbox is other people’s priorities” bothers me as a social scientist, but also as a human being. Your priorities should include other people and their priorities. It’s common courtesy to engage with people who are thoughtful in reaching out.

This isn’t just about doing unto others as you’d have them do unto you. Clearing out your inbox can jump-start your own productivity. One set of experiments showed that if you’re behind on a task, you’ll finish it faster if you’re busy, because you know you need to use your time efficiently. As a writer, I like to start the morning by answering a few emails — it helps me get into a productive rhythm of deep work. If you think you have too many emails, maybe you just don’t have enough.

Everyone occasionally misses an email. But if you’re habitually “too busy” to answer legitimate emails, there’s a problem with your process. It sends a signal that you’re disorganized — or that you just don’t care.

If you’re just hopelessly behind on your inbox, at least set up an auto-reply giving people another channel where they can reach you. A Slack channel. Twitter. A phone number. Post-it notes. Carrier pigeon.

Remember that a short reply is kinder and more professional than none at all. If you have too much on your plate, come clean: “I don’t have the bandwidth to add this.” If it’s not your expertise, just say so: “Sorry, this isn’t in my wheelhouse.” And if you want to say no, just say “no.”

We can all learn from the writer E.B. White, who, in response to a 1956 letter asking him to join a committee, responded with two short sentences. The first: a thank-you for the invitation. The second: “I must decline, for secret reasons.”

Researcher reveals Eskom data leak

By Charlie Osborne for Zero Day 

In what may be a case of “if we ignore it, it will go away,” South Africa’s largest electricity company has become the subject of the public exposure of customer data after ignoring researcher pleas to resolve the problem.

Eskom is South Africa’s state-owned electricity company which generates approximately 95 percent of the region’s electricity, as well as roughly 45 percent of all of the electricity used across the African continent.

On Tuesday, cybersecurity researcher Devin Stokes sent a public tweet to Eskom which appears inlaid with frustration at non-communicativeness from the electricity provider.

Stokes said, “You don’t respond to several disclosure emails, email from journalistic entities, or Twitter DMs, but how about a public tweet? This is going on for weeks here. You need to remove this data from the public view!”

The following image contains a screenshot of what appears to be customer and service-related data, including account IDs, start and end service dates, and meter information:

Several hours later, Stokes published a further screenshot with a live timestamp, commenting, “OK. It got worse.”

It appears that this database entry contained some of the financial data of a customer, including name, card type, a partial card number, and CVV, the three-digit security code which is required for purchases in-person or online.

According to the researcher, the electricity provider has left its billing software database exposed, lacking so much as a password.

The most recent customer estimates available, published in 2016, claim that Eskom accounts for roughly 5.7 million customers across South Africa. It is not known how many customers may have been involved in the reported breach.

However, this may not be the only security failure Eskom needs to grapple with — as one of the company’s own employees may have complicated matters further in their gaming enthusiasm.

In a screenshot posted by MalwareHunterTeam, another Twitter user warned Eskom of the existence of a Trojan on one of their networked, corporate machines. The user reported that the Trojan infected the machine through a fake SIMS 4 game installer.

The Twitter user, going under the handle “@sS55752750,” added that the offending employee is a “senior infrastructure advisor.”

While there has been no news on the exposed database, Eskom did thank the researcher who disclosed the Trojan’s existence, saying, “This has been investigated and the necessary actions have been taken. Thank you for bringing it to our attention.”

“Accidental breaches of this type further drive home the point that every company should have a formal process to accept vulnerability reports from external third parties,” Jon Bottarini, Lead Technical Program Manager for HackerOne told ZDNet in response to the news. “Exposing the vulnerability details on Twitter seems to have been the last-ditch attempt on behalf of the security researcher to try and get in contact with someone who can resolve the issue.”

Eskom told ZDNet that the company is “conducting investigations to determine whether sensitive Eskom information was compromised as a result of this incident,” but will not comment further until the investigation has been concluded.

Source: MyBroadband

MWEB and Absa clients have been targeted in a new e-mail phishing attack, where they are asked to open an attachment aimed at stealing their private information.

The email asks users to open an HTML attachment, which in turn opens a form in a browser which steals the victim’s personal details.

In the past, executable keyloggers were attached to emails to steal account information from victims.

However, most security services now block users from opening an attached executable file, as most of these files are malicious.

Scammers are now using HTML pages as attachments, where users are asked to provide their personal details in what appears to be a legitimate website.

In these scams, users are encouraged to open the attached email file, which opens in a browser and requests their username and password for a service.

This information is then sent to the criminal’s email address using a basic PHP script.

MWEB and Absa scam email
This is the method used in the latest email scam which is targeting MWEB and Absa clients.

The email, which claims to come from MWEB – but is sent from “info@mailsynk.co.za” – tells users that their “invoices and/or receipts and statement that you requested attached to this email”.

The attachment is the phishing page, which in this case uses the domain “jehovalchristofficeinternatona.co.za” to host the scripts.

Without looking at the HTML code, there are many warning signs that this is a scam email:

  • The email does not come from MWEB or Absa. It should be noted that an email which comes from an @mweb.co.za or @absa.co.za does not automatically mean it is authentic.
  • The email is poorly structured and contains poor grammar.
  • There is no personalisation in the email, with a user’s name or account details.
  • It mentions a PDF file, but the attachment is a .htm file.
  • Users are asked to provide their personal details to view a file – a clear sign it is a phishing attack.

By Vicky Sidler for MyBroadband / Nick Saunders at Mimecast

When I say the word “bat”, what image comes to mind? A flying mammal? A cricket bat?

In English, they call this a “homograph”: when two or more words are spelled the same but don’t have the same meanings or origins.

In cyber-security, a homograph is a lot more sinister. It’s a term given to a type of impersonation attack where an email address or website URL looks legitimate but isn’t. It’s designed to trick people into clicking on malicious links or to fool them into transferring money or sharing sensitive information.

Recent research by Vanson Bourne and Mimecast found that more than 85% of respondents had seen impersonation fraud in the past 12 months, and 40% had seen an increase in this type of attack in the same period. In South Africa, 36% of respondents had seen an increase in impersonation fraud asking to make wire transactions, and 37% had seen an increase in impersonation fraud asking for confidential data.

Despite this growth, many organisations do not have a cyber resilience strategy in place to help them detect, prevent and recover from these types of attacks.

Easy to execute, hard to detect
Homograph attacks are difficult to detect – by both the user and regular email security systems.

To create these lookalike domains, attackers use non-Western character sets or special characters found in Greek, Cyrillic and Chinese, to display letters which, to the naked eye, look identical to the western alphabet. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. According to one domain name checker, there are 117 possible Mimecast domains that can be misrepresented with just one character from a non-English alphabet.

These subtle changes are likely to go unnoticed by users. In South Africa, 31% of respondents were not confident that employees could spot and defend against impersonation attacks, which easily and often slip through an organisation’s security systems.

Some 21% of South African respondents were not confident that their organisation’s security defences could defend against impersonation fraud asking for confidential information, rising to 25% for fraud asking to make wire transactions – in line with global trends.

This is because the emails themselves don’t contain malware and the URLs often have legitimate (read: stolen) security certificates.

Is it me you’re looking for?
Website URLs aren’t the only avenues for impersonation attacks; email address impersonation is also on the rise.

These types of attacks are designed to trick users such as finance managers, executive assistants and HR representatives into transferring money or disclosing information that can be monetised by cybercriminals. The email appears to come from someone they trust – a C-suite executive or a third-party supplier that they regularly do business with – and therefore wouldn’t think twice about responding to.

South Africans reported that, in the past 12 months, cybercriminals have attempted to impersonate finance teams (24%), third-party vendors (20%), a member of the C-suite (7%), as well as HR, sales, operations, legal and marketing team members (between 5% and 8%).

Again, these emails do not contain malware, which means they can go undetected by most email security systems. Social engineering attacks such as these rely on our inability to spot anomalies in URLs and email addresses – and the fact that we believe we’re communicating with someone we know.

Know what to do
Cybercriminals have figured out that they can bypass security systems by switching from malware-laden attacks to malware-less impersonation attacks. Now, social engineering meets technical means to put us in the middle of the next evolution of cyber-attacks.

Here are some measures organisations can implement to guard against these types of attacks:

  1. Education – when users know how social engineering and spoofing attacks work and then understand they shouldn’t click on links in emails, breach incidents can be drastically reduced. Users should be encouraged to physically type an address into a browser rather than click on a link in an email, even if it was supposedly sent by someone they know and trust. Education and awareness will always be the most important defence mechanisms.
  2. Protection – email security systems are getting better at stopping malware which enter the network through dodgy files and attachments, but few are effective against impersonation attacks. Organisations need a solution that can deep-scan all inbound emails and inspect for header anomalies, domain similarity, sender spoofing and the existence of keywords and suspicious impersonation emails. These can then be blocked, quarantined, or delivered as flagged to alert the receiver of potential risk.
  3. Resilience – having the right threat protection in place is just one part of a robust cyber resilience strategy. Organisations also need to be able to adapt their strategies to stay ahead of attacks, while having the durability to continue with business as usual in the event of an attack, and the recoverability to ensure data and emails are always accessible.
  4. Oversight – often, lax security on a third-party supplier’s side provides an entry point into an organisation’s network. Enterprises should continuously evaluate and manage the security and privacy policies of their suppliers and include security in their service level agreements. They should also perform on-site security assessments with new suppliers before sharing sensitive information.
  5. Visibility – organisations need to know who their vendors are and who has access to company information, and for what reasons. This is even more important now that the EU’s General Data Protection Regulation has come into force and will affect all South African organisations when the Protection of Personal Information Act is finalised.

Thirty-seven percent of South African organisations have suffered data loss because of email-based impersonation attacks in past 12 months. These organisations also reported reputational damage (34%), loss of customers (29%), direct financial loss (17%) and lost market position (19%).

Email continues to be the number one threat to organisations globally and accounts for 96% of all incidents that organisations face.

Clearly, there is an urgent need to work towards a higher standard of email security. Cyber-criminals have evolved their attack methods. It’s time the security strategies organisations use to protect their users and their businesses evolve as well.

By Adiel Ismail for Fin24 

Goliath and Goliath CEO Kate Goliath is encouraging small businesses to ramp up security measures after her comedy and entertainment agency fell victim to invoice intercepting as a result of e-mail hacking. You should be able to manage and secure your company data, as it is the most valuable thing. If you need some help managing your business data, make use of RadiusBridge business reporting software.

Goliath and Goliath is out of pocket to the tune of more than R300 000, while its subsidiary The PR Bailiff has been scammed out of R20 000.

The hackers gained access to the company’s emails and requested clients to make payments to a different bank account.

Goliath told Fin24 that small businesses shouldn’t just rely on tech companies to educate them about cybercrime.”Find out as much information about how hackers get into the systems so that you are aware of what service providers need to offer,” she said.

“Be vigilant. Protect your business and insure the technical side of your business as well.”

The company opened a case with the police and is in the process of sending a subpoena to the bank where the funds have been deposited.

Afrihost said it will work with the police to further investigate the incident. “We strongly believe this was a case of phishing,” a representative told Fin24.

Entertainment and media high risk for cybercrime

“We have noticed that some banks are posting warnings before a client makes a payment to verify that the bank details they’re using are correct. We assume that this is because of an increase in these types of phishing attacks.”

Cyber incidents rank top in the entertainment and media, financial services, technology and telecommunications industries, according to the Allianz Risk Barometer 2018.

The report revealed that cyber incidents remain a top threat with 38% of responses for South African businesses, which is reported to lose billions of rands a year to cyber attacks.

The three Goliaths – Jason, Donovan and Nicholas – do stand-up comedy and entertains at workshops, conferences, award ceremonies and events.

Craig Rosewarne, Managing Director at Wolfpack Information Risk, which is a threat intelligence firm that specialises in understanding and predicting cyber threats, said small and medium businesses are just as vulnerable as big businesses when it comes to hacking.

“Their challenge however is that security is often the last thought until they get stung and end up either losing a substantial amount of money or leaking their customer’s sensitive data,” he told Fin24.

Wolfpack has assisted many small and medium sized businesses whose invoices have been hacked, said Roseware. In this regard it has found three common causes:

1. Attackers will perform reconnaissance on key individuals in IT / Finance / Execs and send a targeted spear phishing email to target their machines for access or further information

2. Spyware is loaded on their devices that record keystrokes and take screenshots for the attacker

3. Compromising their online hosting / email platform and adding in rules for any email that has the word “invoice” or “payment” – to send a duplicate email to the attacker’s gmail or “burner” account.

Tips for companies

Roseware suggested that companies under attack should conduct an independent risk assessment and obtain guidance on how to mitigate risk.

“Employees should also be made aware of risks and this should be backed up with an information security policy signed by staff and contractors.”

He also stressed the importance of having up to date anti-malware software on all devices that process sensitive information.

Cyber risk is fast becoming the number one risk facing countries, governments and organisations, noted Roseware.

“In all of these scenarios it often boils down to an individual that gets compromised so cyber awareness is key in both your business and personal lives.”

How to keep on top of your e-mails

They are one of the biggest distractions of office life, pinging into your inbox every few minutes.

But ignoring your emails, even if you get hundreds a day, is not the best way to be more productive.
Checking just a few times at work has the opposite effect, a review by Kingston University has found, and will probably just make you more stressed.

Ignoring your emails, even if you get hundreds a day, is not the best way to be more productive. Checking just a few times at work has the opposite effect, a review by Kingston University has found, and will probably just make you more stressed, even if you get hundreds a day, is not the best way to be more productive.

Checking just a few times at work has the opposite effect, a review by Kingston University has found, and will probably just make you more stressed.

The four steps

1) Delete or file away emails whenever you check  your inbox – by reducing inbox clutter, people report feeling less overloaded.

2) Switch off email alerts – interruptions can have a negative impact on our efficiency, but make sure that you are still logging on every 45 minutes or so – to stay on top.

3) Use the ‘delay send’ function when sending email out of hours – this means recipients only receive their email during normal working hours. While you are taking advantage of the flexibility of email, you aren’t imposing this on the recipient.

4) Review your personal email strategies – are your emails purposeful and efficient or are they habitual and reactionary? The best advice is apparently to log on every 45 minutes to stay on top of new emails and work priorities.

The review’s author, Dr Emma Russell, Head of the Wellbeing at Work Research Group at Kingston Business School, says: “People use email to help them get their jobs done. Most people say they couldn’t imagine being able to do their work effectively without it, and very few send non-work critical email during their working day.”

The review highlights three popular myths which are not backed up by the academic evidence.

Email myths
The review highlights three popular myths which are not backed up by the academic evidence.
The first is that emails are a ‘time-wasting distraction from “real” work’, while in fact recent studies show up to 92 per cent of emails received are critical to people’s jobs.

Another is that we should limit ourselves to checking email a few times a day, such as in the morning, at lunchtime and before leaving work, which in fact makes people feel less in control.

The third myth is that emails stop us getting on well with other people, because of ‘back-covering’ messages, for example, cc’ing in colleagues who people want to implicate in mistakes.

However studies show the cc’ing culture of copying people into emails in facts forges rewarding relationships by keeping workmates informed and in the loop.

Dr Russell wrote: ‘The same participants also reported that processing more email resulted in greater perceived coping – actually dealing with email and keeping on top of it helped workers to feel in control.”

The study was commissioned by Acas, the mediation service which also provides workplace training.

By Victoria Allen for The Daily Mail

  • 1
  • 2

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top