This is the third blog in our series about malicious emails. You can read the first two blogs, How to identify malicious emails and Is the mail really malicious, by clicking on the links.
What to do with a suspected malicious email
The answer to this is quite simple: delete the email. You can ignore it and let it fester in your inbox or you can get rid of it and send it to trash, where it will be permanently dumped from your email client in a set amount of time. You may also want to report the email as spam before you delete it. Most email platforms have this functionality built in, and some are better than others at tracking and blocking these types of emails. Reporting the malicious email as spam will not hurt. If anything, it’s giving your email client important intel in the fight against malspam and can keep similar emails from coming to bother you again.
Finally, many banks and other financial companies have a special email address where you can send emails that you suspect to be phishing attempts. They will thank you if you are right about your suspicion. If you’re wrong and it is from them, they might consider changing their email practices to be less spammy.
Safe practices when receiving mail
If you want to be proactive against malicious emails, there are some tips and tools we recommend that will give you the opportunity to safely perform all the checks we have recommended earlier on. This includes changing some settings in your email client (though yours may already have them in place by default). Our recommendations are as follows:
“Disable HTML” or “Read in plain text”
This lessens the chance of malicious scripts being executed as soon as you open the email. If you don’t want to disable HTML, then we would recommend closing the preview window. That will allow you to delete suspect emails from your inbox before giving them a chance to do any harm.
Hover over URLs
Make sure you can see the full URL when you hover over a link in an email message. This is built into most email clients by default. But if it’s not, we highly recommend enabling it.
Check the sender’s email
Make sure you can see the full email address of the sender when you first look at it. This is one of the main indicators that something might be “phishy.”
Use a spam filter
If you have the option to use a spam filter, please use it. It will stop big waves of known spam. It does not make you completely safe, but it saves you a lot of work.
Don’t open attachments
We have said this before, but it’s really important: Please do not open any attachments that you weren’t expecting. The old misconception that only executable attachments can harm you is not true. Documents, PDFs, and other attachments are potentially just as dangerous.
In summary
If you are still unsure whether an email is malicious or just regular spam after checking all the points we stipulated, simply delete the email and go about your day.
If the email contains information you think could be important if legitimate, however, contact the sender in any other way besides using the “reply” option. For example, if it’s your bank, give them a call and ask if they really sent you something and whether it’s safe to open. Chances are, they didn’t—and they’ll be glad you reported the scoundrels for using their name.
If you would like to learn more about tools that can add layers of protection to your business and protect against malicious emails, such as Office 365’s Advanced Threat Protection or Lucidity’s Next Gen Anti-Virus and Anti-Malware, please contact us today!