How to Verify a Message the Right Way


The first rule of verifying a suspicious message is to break the chain.

Breaking the chain means refusing to use any contact information provided inside the suspicious message.

Have you ever gotten an email that seems kind of fishy but also isn’t completely out of the realm of possibility?

We’re talking about unexpected requests for money, credentials or other sensitive information.

They’re believable enough to be real but could spell disaster for your organization if you click a malicious link or open an attachment containing malware.

There are many ways to verify a message safely, but common mistakes can make things worse. Here are some practical guidelines.

Verify Using a Known, Trusted Channel

Whenever you’re dealing with money or sensitive information, it’s important to verify the request is real through a known channel.

Here are three ways you can easily find the correct information:

  • Go directly to the “Contact” page on a vendor’s website.
  • If an email from your CFO requests a wire transfer, call them using the number already in your phone instead of the one found in the email.
  • If you’re being asked to log in to a specific portal, navigate to that portal manually rather than clicking a link in an email.

Don’t rely on email addresses, phone numbers or links within the email itself. Attackers use fake addresses and phone numbers to redirect your messages to them rather than the actual contact.

Malicious links in emails can install malware on your computer or redirect you to fake websites designed to steal your credentials.


Common Verification Mistakes

Even after deciding that an email is unsafe, many people still go about verifying it the wrong way.

You probably know not to interact with a phishing email, but you can take that even further:

  • Don’t reply for any reason. Don’t ask, “Is this legit?” or fire back with a triumphant, “I know this is fake!”
  • You can hover over email links (or long press them on your phone) to bring up a tooltip that previews the URL, but still DO NOT click. It’s a strong method for checking the safety of a link, but it’s also highly risky, as you might accidentally click it.
  • Don’t forward the email to IT or someone else you trust “just to ask” or get a second opinion.

Verifying an unsafe email in any of these ways only gives the scam more opportunities to succeed.

Report Suspicious Emails

Always report suspicious emails to your IT team or managed service provider.

If you don’t have a reporting tool, take a screenshot of the email and send it to your IT team or MSP. Don’t forward the email, as that only gives the scammer another chance to succeed (you’re making copies of the dangerous link and spreading them out to more inboxes).

At Hungerford, we have a Phish Alert Button we ask our clients to use. It removes the email from the user’s inbox and automatically scans it to determine whether it’s legitimate. If the result is inconclusive, our security team can manually check the email.

Train Your Team to Spot Phishing Emails

Attackers are getting better at disguising their phishing attacks, and technology alone can’t stop these scams; awareness is just as important. Verification fails when people panic or rush, and training reduces that risk.

If you’re looking to protect your company from cybersecurity threats, contact us to learn how we can help train your employees to spot the telltale signs of a scam.
