Things to look out for in the email sender field
- If you do not recognise the sender’s email address as someone you ordinarily communicate with, but their email suggests otherwise, it might be a red flag for malicious attack.
- The email is from someone outside your organisation and not related to your job or responsibilities.
- If an email is sent from inside your organisation or from a customer, vendor or partner and is very unusual or out of character. An attacker may try to appear as an existing contact so that you are more likely to open their email. Sometimes the sender name might be be correct but the domain can appear spoofed.
- An example would be ‘HarryJones@Speedster-lt.com’ versus ‘HarryJones@Speedster-it.com’, which at a glance looks almost identical but the ‘i’ is actually an ‘L’.
Things to look out for in the subject line
- Did you get an email with a subject line that is irrelevant or does not match the message content?
- Is the email message a reply to something you never sent or requested? A classic example is the support scam, and appears in many varieties. It’s commonly used by cybercriminals impersonating Netflix or Apple, and asks users to update their payment details or risk their account being suspended.
Things to look out for in the email content
- One of the most classic giveaways is when the content of the email has bad grammar or spelling errors, indicating it was translated with an online translation service.
- Is the sender asking you to click on a link or open an attachment?
- Is the attached file the correct extension? If you expect to receive a PDF and the attached file is an .exe or .zip file, it should be seen as a big red flag and indicates the attachment is hiding a malicious intent.
|Office Word||.doc or .docx|
|Office Excel Spreadsheet||.xlsx|
|Office PowerPoint||.ppt or .pptx|
|Compressed file||.zip or .rar|
- Is the sender asking you to click a link that seems odd or illogical? In some cases they might urge you to ‘take action immediately’ to invoke a sense of urgency or importance. If a link asks you to sign in, be sure to double check the URL and ensure you’ve been directed to the right location.
- Likewise you should be wary of malicious URLs containing letters that can look like others in an attempt to trick you to believe it’s the correct URL. An example of this is ‘rn’ that can come off as ‘m’ or ‘vv’ imposing a ‘w’. A safe step is to always navigate to the login page by doing it yourself.
- If a hyperlink is masked as ‘click here’ or ‘log in page’ it means they could direct you to a different URL to what you would expect and steal your information if you were to type it into the fraud website. If you are suspicious of a hyperlink, hover your mouse over the masked text and the URL will appear in the bottom right corner of your browser window.