
How to spot malicious or phishing emails

Published: Wednesday, 29 May 2019 08:27

In any business we find ourselves relying on email for a vast amount of communication. However, it is inevitable that, as much as we embrace the advantages, we become increasingly aware of the downsides.  One of those downsides is the constant increase in spam, phishing, and malicious emails.

Unsolicited commercial spam is generally easy to recognise, report and then discard.  But how can you determine if an email contains a malicious link or attachment?  How do you know if it is trying to scam you out of money, or your personal information?


Basic steps for spotting malicious emails:

The content isn’t quite right

If it sounds too good or too far-fetched to be true, then it most likely isn’t true.  Phishing emails may ask for a small investment or payment in return for financial gain.  Or it could be a competition that you don’t remember entering.  It may even come from the account of someone you know, claiming they are stranded, in need of money, or in an emergency.  If that’s not how you would normally communicate with that person, then don’t hesitate to contact them another way to verify whether their account has been hacked.

The sender doesn’t appear to know the addressee

Is your name, or the recipient’s name, spelt correctly in the email?  Are you being addressed as you would expect by the sender?  Do the conversation and the signature or sign-off match how they would normally sign off their emails to you?  If it appears to be an email from a bank or other company, they would not normally address you in a generic way.  If the email is legitimate and clearly intended for you, then the sender would use the correct terms.

The sender’s email address is wrong

Check that the email address matches the name of the sender.  Also check whether the domain name of the company is correct.  To see this information, sometimes simply hovering over the email address will suffice.  Otherwise, check the header information, which will be in a different place for each email provider.

The spelling, language and grammar are incorrect

Is the email full of spelling mistakes, or is it written in the wrong style for the alleged sender?  Does it look like an online translator has changed the email, so it doesn’t quite read correctly?  Are the language and tone correct, especially if it is meant to come from someone that you know?

Always hover over the links that are included in the emails.  Does the destination URL match the site destination that you would expect?  Can you tell if they are using a link shortening service?  If you have a shortcut to the site of the company sending you the email, then use that method instead of clicking the link in the email.

Is it malicious mail?

Remember to consider all the above if you want to rule out malicious mail or spam.  Even if it has all been checked, there is always a small possibility that it could still be malicious, as senders’ addresses can be spoofed and signatures can be stolen or mimicked.  URLs can also be hijacked, waiting for someone to type a URL incorrectly.

When all else appears to be legitimate there are other things to keep in mind

Companies and banks generally don’t just send out emails asking for your credentials or security information, nor do they use link shortening services.  They will not ask you to send debit or credit cards through the post.  Companies will also generally not email you claiming that you owe them money, especially if you cannot recall what it is for, or do not have an account.  Scammers rely on these threats to fool recipients into believing them and letting their guard down.

If there are attachments, don’t feel obliged to open them if you weren’t expecting them, or if you can’t verify.  If it is from a source that you wouldn’t normally get an attachment from, you can check with the sender that it is safe to open.

If there is a call-to-action button, double check it first.  Some emails do not come with malicious attachments, but instead the scammers will try to trick you into downloading a malicious file using a call-to-action button.  It is simply an embedded link that is meant to draw your eyes straight to it and get you to click.  You can double check this by hovering over the call-to-action button and checking the URL.  If still in doubt, then check with the sender.

They are phishing for information that doesn’t necessarily have to concern you directly.  It can be about the company you work for, or someone that you know.  It may be password credentials that they want, or even credit card details.  This isn’t the only data that scammers look to steal via malicious mail, so always be cautious.  It doesn’t hurt to remain suspicious until you can verify that the person requesting this information is who they claim to be.

If you suspect an email to be malicious, quite simply delete it.  You may also want to report it as spam before it is deleted.  Most email platforms will have this functionality built in, but some are much better than others at tracking and blocking these types of emails.  Banks and other financial companies will also have an email address where you can send emails that you suspect to be phishing attempts.

If you want to be proactive then you can also try the following

You can read in plain text or disable HTML.  This will lessen the chance of malicious scripts being executed as soon as you open the email.  If you don’t want to disable HTML then you could try closing the preview window.  This will allow you to delete suspect emails from your inbox before they can do any harm.

Make sure that you can see the full URL when you hover over a link.  This should be inbuilt into most email providers by default.

Ensure that you can see the full email address of the sender when you first look at the email.  If you can’t, or it doesn’t look correct, then this is one of the main indicators that it is phishing for information.

If you have the option of a spam filter, then use it.

If in doubt – Don’t open any attachments that you are unsure of or weren’t expecting.

If you need help with checking emails then give us a call and we can assist you.  It’s always worth getting a second pair of eyes on the email; it can often save hours or days of work recovering systems.