Following on from yesterday’s blog, How to identify malicious emails, today we will look at whether the email is actually malicious and some techniques scammers use to make it seem legitimate.
Is the mail really malicious?
Please note that you need to weigh all the red flags in yesterday’s blog if you want to rule them out as spam or malicious. Each of them is a red flag by itself—even if the other elements look legitimate. And, even if all of the red flags have been cross-checked and determined as sound, that doesn’t rule out the possibility of the email still being malicious.
Sender addresses can be spoofed, signatures can be stolen or mimicked, domains can be typosquatted, accounts can be hacked, and the spelling and translation services among spammers are improving rapidly, as spammers have noticed that it improves their success rate. It’s also not always immediately clear from the content if the email is spam, scam, or bona fide truth. Some malspam authors have shown great creativity in coming up with believable stories to tell.
So when all else checks out but your gut tells you something is off, there are other rules to keep in mind when determining whether an email could be misleading.
Does the company usually communicate like this?
Reputable banks do not send you unsolicited emails asking for credentials. They do not use link shortening services, and they will certainly not ask you to send your credit or debit card to them by (snail) mail. The IRS and Microsoft will not email you to tell you that you owe them money or that your computer has a virus. There are certain things that organisations just will not do, but threat actors like to fool users by seeming to come from a legitimate, scary company.
There are attachments
First and foremost: do not, under any circumstances, open any attachments that you were not expecting. It’s as easy as that. If you receive an attachment without forewarning from a company or individual that you do not know, do not double-click on it. If it’s from a friend, acquaintance, or company that you do business with, it is still necessary to check with the sender to see if it is safe to open the attachment.
There is a call to action button
Some dangerous spam emails do not come with malicious attachments but instead try to trick you into downloading a malicious file, courtesy of a call-to-action button. This button is simply a fancy embedded link that is meant to draw eyes and clicks. You can examine the call-to-action button in the same way you do links—by hovering over it. If you’re not sure, check with the sender and/or simply delete the email.
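The hover check described above can also be run over a saved message body. The following is an added example, not code from the original blog: it lists where each link or button in an HTML email really points, and flags link shorteners and visible text that names a different domain than the destination. The sample HTML, the `audit_links` name and the short list of shortener hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Assumption: a small illustrative set of link-shortening hosts, not a complete list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Finds something that looks like a domain name in the visible link text.
DOMAIN_RE = re.compile(r"\b(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
# Constructed sample body; the hosts use reserved example/test names.
SAMPLE = """
<a href="https://bit.ly/EXAMPLE" class="button"><span>View invoice</span></a>
<a href="http://www.bank.example.account-check.test/reset">www.bank.example</a>
<a href="https://www.bank.example/help">bank.example help</a>
"""

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []    # (visible text, href) for every <a> element
        self._href = None  # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def audit_links(html_body):
    """Return one record per link: visible text, real host, and any red flags."""
    parser = LinkAuditor()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        flags = ["link shortener"] if host in SHORTENERS else []
        shown = DOMAIN_RE.search(text)
        if shown:
            shown_host = shown.group(1).lower()
            # The destination must be the shown domain or one of its subdomains.
            if host != shown_host and not host.endswith("." + shown_host):
                flags.append("visible text names a different domain")
        findings.append({"text": text, "host": host, "flags": flags})
    return findings
```

An empty flag list only means these two checks passed; it does not make the link safe.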
They are phishing for information
Another type of dangerous spam is the type that phishes for information. This information does not necessarily have to concern you directly; it can be about the company you work for or someone you know well. Password credentials and credit card numbers aren’t the only data threat actors look to steal via malicious email. Always be cautious, always stay suspicious, until you can verify that the person requesting this information is who they say they are.
Next up
Tomorrow, in the final blog of this series, we will look at what to do with a suspected malicious email.