How to spot malicious emails

 

  • NEVER forward a suspicious email to another member of staff, including members of IT.

Most common red flags that signify a dangerous/malicious email

Here are some common red flags that you should be on the lookout for in your mailbox:

  • The email doesn’t address you by name. This is more important than you may think. If the email begins with a simple “Hi,” a vague “Sir/Madame,” or your email address, there’s a strong possibility that the email is spam. These sorts of impersonal greetings will often be a warning that you need to keep your eyes keenly peeled for one (or more) of the following malicious attempts.

  • The From name doesn't match the email address. Usually the From field in the email will say it is from a certain person; however, the actual email address will not match this. Below is an example of what this looks like.




  • Attachments are executable files. Generally, attachments you receive will be documents or graphics with the corresponding “.doc,” “.pdf,” “.jpg,” or “.png” extensions. Never will it be appropriate for you to receive attachments that are “executable files,” or files that will actively run a program on your machine. These files end in extensions like “.exe,” “.com,” “.bat,” or “.scr” (or, more cleverly, a double extension like “.doc.exe”). Oftentimes these sorts of attachments will end up running a malicious program on your machine, so be sure to contact the sender (preferably by phone) prior to opening to verify that the file is legitimate.

  • Hyperlinks are masked. Sending a web link in an email seems common and innocuous enough, right? As long as the link takes you where it claims to. Links to websites can easily be masked or hidden, meaning that a seemingly harmless URL could really be pointing you to a different site that is riddled with malware. To make sure that any links are safe, there are two easy ways to check their veracity: 1) hover your mouse over the link and check the URL that appears in the bottom left-hand corner of your screen; 2) right-click on the link and check its “Properties.” In either case, the URL on your screen or in the link properties should match the URL in the email. If there is hyperlinked text rather than a URL, make sure that the web address has only one domain (https://www.outlook.office365.com as opposed to http://www.office365.malicioussite.com).

  • The links are for HTTP instead of HTTPS. Any link that starts with HTTP is not secure and, in most cases, should not be trusted. Legitimate links to known websites will usually, but not always, start with HTTPS. See below for an example.

  • The email contains requests for personal information. Always be suspicious of messages that make requests for any sort of sensitive or personal information, even if it appears to come from someone you know. Whether it is your bank requesting information (or else you’re subject to a ridiculous fee!), your email provider requesting credentials (or else they’ll delete your account!), your CEO requesting immediate funds (or else she’ll miss her flight!), or a law enforcement official demanding your address and SSN (or else you’re obstructing an investigation!), verify the request before you do anything. Hackers have the ability to “spoof” emails (mask their email address with another), so that they appear to come from a trusted sender; in many cases, hitting “Reply” will reveal an unknown Gmail or Yahoo! account. Call the supposed sender to make sure the message came from them, and—just to be extra careful—begin a new email chain if and when you do respond to a legitimate request.
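
For whoever triages reported mail, the sender, attachment and link red flags above can also be checked mechanically. The Python below is an added example, not part of the original guidance; the function names, flag labels and the sample message are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXT = (".exe", ".com", ".bat", ".scr")  # extensions named in the list above
class Links(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.open = False

def red_flags(msg):
    """Return the red flags from the list above that an EmailMessage shows."""
    flags, domain = [], lambda a: a.rpartition("@")[2].lower()
    name, addr = parseaddr(str(msg.get("From", "")))  # display name vs. real address
    claims = re.findall(r"[\w.+-]+@[\w.-]+", name) + [parseaddr(str(msg.get("Reply-To", "")))[1]]
    if any(c and domain(c) != domain(addr) for c in claims):
        flags.append("from-mismatch")
    if any((p.get_filename() or "").lower().endswith(EXECUTABLE_EXT) for p in msg.iter_attachments()):
        flags.append("executable-attachment")
    body, parser = msg.get_body(preferencelist=("html",)), Links()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.found:
        target = urlparse(href)
        if target.scheme == "http":
            flags.append("http-link")
        shown = re.match(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text.strip())  # text is itself a URL
        if shown and shown.group(1).lower() != target.hostname:
            flags.append("masked-link")
    return flags

def sample():  # constructed message, not real mail
    m = EmailMessage()
    m["From"] = '"ceo@corp.example" <ceo.office@freemail.example>'
    m.set_content('<a href="http://office365.malicioussite.example/">https://outlook.office365.com</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.doc.exe")
    return m
```

Calling `red_flags(sample())` reports all four flags. The masked-link check compares hostnames only, so link text that merely looks like a domain can produce a false positive.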


Top tips to keep yourself safe from malicious emails

When it comes to keeping yourself safe from malicious emails, here are the main principles to live by:

  • Only open attachments you explicitly requested.

  • Check that the From field actually matches the sender. 

  • Verify all web links before clicking on them.

  • If something is in your junk folder, 9 out of 10 times it is junk. 

  • Be wary of any email that uses threats or intimidation to try to coerce you, even if the sender appears to be someone you know.

  • Investigate any and all emails that do not address you by name, especially those that supposedly come from a known sender.

  • ALWAYS check with your manager or the IT Team if you are unsure about an email.

  • NEVER forward a suspicious email to another member of staff, including members of IT. 

 
As annoying as it may be, it is critical that we all remain suspicious of the messages we receive; hackers and cybercriminals are a toxic combination of relentless and creative, so we must remain guarded at all times.