Here is a scary, but very real story: A company had an employee receive an email from their HR/Accounting department asking the individual to update their direct deposit information, or so the person thought was their colleague.
The employee went on and replied to this email including their bank account information to the “HR/Accounting department”. The individual then followed up (days or weeks later) with their HR/Accounting department when they did not receive a paycheck!
The email, in fact, was not from the person’s employer, but indeed from a cyber-attacker.
DO NOT FALL VICTIM TO CYBERSECURITY ATTACKS, WHICH CAN LOOK LIKE EMAILS FROM YOUR OWN WORKPLACE!
What you can do: That is why it is so important to not only identify email security warning signs (linked article from October 2018 here) but also verify directly with the individual in another method versus email (by phone call or in-person at the office).
At the end of the day you cannot completely prevent spoof emails* however, it is important to know the warning signs in which to differentiate spoof emails v. legitimate emails from your company and verify with the supposed sender via phone or in-person before hitting send.
*Email spoofing is a creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead or even prank the recipient about the origin of the message.