We all get our share of spam, some more than others. But how do we differentiate between simple commercial spam and the types of emails that are sent with malicious intent?
The unsolicited commercial spam email is generally easy to recognise, report, and discard, but what about more dangerous types of spam? How can you determine if an email contains a malicious link or attachment, or is trying to scam you out of money or your personal information?
And if you do discover you have malicious emails in your inbox, what then? Is reporting as spam and deleting the email enough?
Knowing what you are up against helps you determine what to do with all that spam—whether it’s simply a nuisance or a landmine waiting to detonate. We will be releasing 3 blogs over the next few days looking into malicious emails, starting with 5 red flags for spotting malicious emails:
The sender address isn’t correct
Check whether the sender's email address matches the name of the sender and whether the company's domain is correct. To see this, make sure your email client displays the sender's email address and not just their display name. Sometimes you need to train hawk eyes on the address, since spammers have some convincing tricks up their sleeve.
The sender doesn’t seem to know the addressee
Is the recipient name spelled out in the email, and are you being addressed as you would expect from the sender? Does the signature match how this sender would usually sign their mails to you? Your bank usually does not address you in generic ways like “Dear customer.” If the email is legit and clearly intended for you, then they will use your full name.
Embedded links have weird URLs
Always hover first over the links in the email. Do not click immediately. Does the destination URL match the destination site you would expect? (Once again, train those eagle eyes.) Will it download a file? Are they using a link shortening service? When in doubt, if you have a shortcut to the site of the company sending you the email, use that method instead of clicking the link in the email.
The language, spelling, and grammar are ‘off’
Is the email full of spelling errors, or does it look like someone used an online translation service to translate the mail to your language?
The content is bizarre or unbelievable
If it is too good to be true, it probably isn’t true. Lost relatives who leave you huge estates or suitcases full of dollars in some far-away country are not as common as these scammers would have us believe. You can recognize when email spam is trying to phish for money by its promises to deliver great gain in return for a small investment. For historical reasons, we call this type of spam “Nigerian prince” or “419” spam.
Next up
Tomorrow we will be looking at how to identify if the spam mail is really malicious.
If you would like to learn more about tools that can add layers of protection to your business, such as Office 365’s Advanced Threat Protection or Lucidity’s Next Gen Anti-Virus and Anti-Malware, please contact us today!