Received someone else’s confidential email? Here’s what to do.

Find out what you should do when a misdirected email lands in your inbox.

'How to' guides

When we think about misdirected email, we often put ourselves in the shoes of the sender. After all, nobody wants to tell their manager that they might (however accidentally) be responsible for a data breach. But what you do when you’re on the other side of the inbox?

What if I know the sender?

Sometimes when we receive an email meant for someone else, it’s just spam. While irritating, email from mass marketing lists don’t require a response – and you probably wouldn’t get an answer anyway. Messages like this can simply be ignored and deleted. If it keeps happening, you can report the sender as junk or spam to block future messages.

On other occasions, you might accidentally receive a confidential email with information meant for one person (or a few people) you know. It’s a common occurrence, especially within a large business where autocorrect can incorrectly select people with similar names. When you accidentally receive a confidential from someone within your own organisation, things are pretty simple.

If it’s obvious who the email was intended for, just forward it on and cc the original sender, letting them know what you’ve done. If you’ve no idea who the message was supposed to go to, simply let the sender know you received it by accident and move on. When we accidentally receive a confidential email from people outside our own organisations, things are a little trickier.

Should I respond to confidential emails from strangers?

Ethically, you don’t have to do anything. There’s an element of common sense to be used. If it’s a marketing message, spam, or something that looks entirely unimportant – simply delete and move on. However, if the message appears urgent to somebody’s life or career, it’s likely you’ll want to consider stepping in.

The person who’s emailed may have inadvertently caused a data breach, so it could be important you get in touch and let them know. If the email involves sensitive information, this could be a serious problem for the people involved. Perhaps the email was intended for a client – in which case the client’s data is at risk and the sender has inadvertently committed a data leak.

Replying to the sender is a good thing to do for a couple of reasons. It makes the sender aware of their mistake and less likely to bother you again in the future. Plus you might be doing them a massive favour when it comes to catching a data breach early. Of course, it wasn’t your mistake and you’re under no legal obligation to do anything at all. Ultimately, it’s your choice to make.

How to avoid making this mistake yourself

Misdirecting an email can be awkward. In the worst cases though, businesses can lose clients and employees can lose jobs. You can avoid finding yourself in this position by double-checking the recipient email address (especially when autocomplete is involved), the cc field, and the Bcc field. You’ll also want to double-check any attachments.

However, we’re only human. It’s not possible to catch every mistake or typo over the course of a whole career. Organisations can set up static rules (for example, you can send emails to business A but not business B), but these traditional methods are rigid and unreliable. They also rely on constant prompting that can give even the most diligent employees ‘click fatigue’ after a while. The best solution for avoiding misdirected email altogether is through human layer security.

Egress Intelligent Email Security is an example of human layer security, as it’s able to adapt to your individual behaviour through machine learning. It helps you to catch context-driven mistakes such as adding the wrong recipient, attaching the wrong file, or forgetting to use Bcc instead of cc. If you’d like to learn more about human layer security and email data loss prevention (DLP), you can explore our content hub for more information. Or if you’d like to start a trial, get in touch and we’ll be more than happy to arrange a free demo with your IT team.