Know how to identify a suspicious email! While companies may have spam filters and antivirus software, spam and phishing emails can still slip through to employee inboxes. Email recipients are the most critical element in preventing an attack. Here are some tips on how to judge the authenticity of a questionable email.
Incorrect Grammar/Spelling/Text Body
First, many phishing emails contain misspellings. These suspicious messages are poorly translated from other languages. Additionally, pay attention if a time or date appears in the message body of an email. If the email contains the date format DD/MM/YY, 24-hour time, or Coordinated Universal Time (UTC), it’s likely that the email originated outside of the United States.
Email Format/Absence of Logos/Plain Text Email
Most legitimate messages are written with HTML and should be a mix of text and images. A poorly constructed phishing email may show an absence of images, which could include the lack of the company’s logo. This should be a red flag. If the body of an email is only an image of text, it’s possible that it is illegitimate. Outlook blocks showing images by default. If a frequent sender sends you an all-text email (which is different from what you usually see from them), beware! Contact the sender directly in a new email or with a phone call.
Urgent Request for Personal Information
Next, let’s look at how hackers use your personal details in a suspicious email. Hackers like to convince you to provide or update personal information about an account, like your Social Security Number, bank account details, or account password. Phishers use this tactic to create urgency so that someone clicks on a malicious URL or downloads an attachment that aims to infect the user’s computer or steal their information.
Let’s look at this next step in identifying a suspicious email. High-risk attachment file types include: .exe, .scr, .zip, .com and .bat. Spam filters will generally do a good job of quarantining those formats. Most companies commonly send and receive .zip, .doc, .docx, .xls, .xlsx, .ppt, .pptx and .pdf. However, a malicious sender can implant devious code in those formats as well. Thus, once the attachment is opened, the computer is already compromised. Take caution if you have been sent an email that has an attachment and the sender is questionable. You will want to verify the legitimacy of the doubtful email first. Examine the context of the attachment. Don’t be afraid to question it!
Links in the Email
A common practice is to avoid blindly clicking on links in a suspicious email. Outlook allows you to hover over a link before clicking on it. If the link in the body of the email is different from what Outlook’s hover preview reports, it is not legitimate. This is an excellent way to identify a suspicious email. Even if it seems legitimate, open a new browser window and type the URL directly into the address bar. If you’ve clicked on a link, a phishing website will look identical to the original. However, your system may already be compromised. If your work email is connected to your phone, you will want to take extra precaution.
Use Work Email for Work Purposes Only
Ultimately, employees should avoid using their work email address for personal signups. These include social media websites or customer loyalty/reward programs.
The best way to know how to identify a suspicious email is through education and alertness. Emails that intend to scare, coerce, and swindle employees cause distress and could be costly. Please share this post and keep alert online!