A recent trend in email hacking, called social engineering, is a modern twist on an old trick. Many of us already know and understand that we shouldn’t:
- Open emails from people that we don’t know.
- Click a suspicious link in emails from people we do not know.
- And, we shouldn’t provide any personal or financial information via email.
However, as social engineering has become easier, the world of malicious and fake emails has become trickier. Social engineering allows cybercriminals to send more personalized emails to people. They create emails that manipulate the end-user into trusting them. They deliver their messages using urgency, familiar email addresses or names, requesting verification of personal information, or posing as a boss or co-worker.
At first glance, these malicious emails will look completely normal. They may even have all the right information including logos and company names. A healthy amount of distrust and the ability to discern a suspicious email message from a legitimate one should be a top priority for your company and its employees.
In our most recent blog, the professionals at Braden Business Systems discuss tips to identify potentially malicious emails.
Tips to Identify Malicious Emails
Look for Emails That Give You Pause
Generally speaking, any email that gives you reason to pause should be inspected. Imagine you receive an email from your boss with an urgent, strange request, but not necessarily out of the realm of possibility. You’ve likely already opened the email but haven’t clicked the link or acted on it because the request was just a bit off.
If it’s causing you to pause, check the email address. Is the name correct? Is it spelled correctly? Does it match the format of company email addresses? It’s likely that one of these will not match and you can safely delete that suspected malicious email. If you’re worried you might have just deleted an email from your boss, call them. If the matter was urgent, a phone call would be quicker anyways.
The Language of the Email Is Just Off
If there are spelling and grammar mistakes throughout the email, or it appears someone used an online translation service to translate the email to English, then there’s a good chance it’s a phishing email, and you should not take any further action.
The Email is Unbelievable
It’s highly unlikely that you’ll be notified by a strange email that you just won $5 million dollars or inherited a huge estate from a long-lost relative you’ve never heard of. As the saying goes, if it’s too good to be true, it probably is! These are phishing scam attempts, and you should simply delete the email immediately.
It Asks for Sensitive Information
If a company or institution sends you an email that is asking for sensitive information such as your social security number or credit card information, it’s highly likely a scam. The majority of legit businesses will not send emails requesting this type of sensitive data or information.
Let’s say the scammers are on top of their game, and you’re having a difficult time deciding whether it’s a legitimate email or a phishing attack. Never click on the embedded links, but you can hover over them with your mouse to see if they match the destination site. Weird URLs are a tell-tale sign of phishing emails.
Does the Sender Know You?
If the sender doesn’t address you by name in the email, there’s a chance it’s a phishing attempt. If the email is from your bank or credit card company, they will almost always use your full name. Emails that begin with “dear valued member” or “dear customer” are likely signs of phishing attempts.
The Email Contains Attachments
Most legit companies won’t send you unsolicited emails with attachments. Instead, they provide a link where you can download the information from their website. Be wary of any company that sends malicious attachments in their emails.
Email about Updates You Didn’t Make
Let’s say you receive an email from Facebook (or similar site) stating information has been updated on your account. However, you can’t recall updating anything, so you hesitate before clicking to verify. The first check would be the email itself. It’s very likely it looks like a Facebook email you’ve received before or something you would imagine them sending.
If this is the case, let’s avoid verifying anything through email. Login to your account and see if your information has changed. If it has, then you can assume your account has been compromised. If the information hasn’t changed, then you know that the original email was fake and needs to be deleted.
Contact Braden for Security Solutions
At the end of the day, make sure your employees have current training on how to spot malicious emails. Show them examples and have them talk through scenarios and identify parts of an email that look suspicious. A short training session now can eliminate a security threat later.
Braden Business Systems uses monitoring tools and advanced technologies to prevent and defend against phishing attacks. To learn more about how Braden can keep your business safe from phishing attempts and malware email attachments, contact us to request service.