This month in our tech-talk we’re going to feature our discussion around ways of identifying suspicious emails.
Why is it important?
Malicious emails are becoming more sophisticated and harder to detect as perpetrators develop new methods to target users. A successful email attack on a business can harm productivity or bring the business to a halt. It’s not all doom and gloom! We are providing you with a few methods, tips and tricks which should assist you in spotting malicious emails before they become a danger to you or your business. Remember, the key is always to stay calm and stay vigilant!
Is the email sender familiar to you?
First and foremost, identify if the person, company or organization is one which is familiar to you. Have you signed up for products or services with them in the past? Are they a known person you’ve corresponded with or have provided your email to?
If not, this is the first step in identifying a potential malicious email. Although cold-call emails are common (especially if your business accepts public requests for inquiry), it doesn’t hurt to approach a new email with a healthy dose of caution.
Double-check the email sender’s name and email address.
Double-checking the name of the sender is a good practice. It’s easy for us to casually skip over this in our day-to-day business however if you’re receiving suspicious looking email from them, this is a crucial step in assessing a potential threat.
First, check the spelling of the name of the sender. Ensure that there are no typos in the sender’s name itself. Second, closely examine the email address of the mail sender.
For example, you may receive an email from “Apple Support” requesting you “Click on this link” to reset your password. If you examine the email address of the sender itself, it may give you additional clues if this email is legitimate or not. There may be typos in the email address or the email address may look suspicious itself. If the email address itself seems suspicious, copy and paste it into your search engine to check if this is indeed a legitimate email from the company or organization.
If you’re not sure the person you’re familiar with has sent you an email, or suspect that their email may have been hacked – contact them directly to check! There is nothing wrong with sending the person you know an email, text, or quick call to confirm they sent you the email.
Assess the email content.
Sometimes it’s easy to pick up on whether an email is malicious or not, other times it’s not. Perpetrators can deploy a wide-range of methods to invoke the response they want out of their potential victims.
The key to mitigating the risks is having the patience to carefully review the email content before taking any actions.
Malicious emails may attempt to appear as legitimate messages such as from government tax agencies, company support or as billing requests. Often, illegitimate emails will use tactics to dissuade you from carefully reviewing the email content by using threatening language or prompting immediate and urgent action.
If the emailer is attempting to urge you into immediate action – more likely than not, the malicious emailer is attempting to dissuade you from carefully reviewing information and prompting you to click links, provide sensitive information, or urge you to make payments. These types of high-urgency messages typically attempt to motivate the reader into a sense of panic. Stay calm, review the sender’s email address and investigate if the email address is legitimate or not. If you are not sure, contact the company or organization directly to confirm the validity of the email.
Emailers may attempt to scare users into performing actions. This may include clicking on links because “Your account as been compromised” or “You must pay ‘x’ amount of money” or there will be “immediate repercussions.” Caution is always advised because there is always the chance that these may be legitimate warning emails.
There are key identifiers which assist in examining whether these are legitimate emails. Review the email sender information to see if the email address is valid and use your search engine to research if the company or organization actually uses that email. If the email is using threatening language, this is suspect, most companies and organizations stay away from threatening language when sending information about compromised accounts or accounts which have outstanding balances.
Unusual demands for money.
One way to identify the validity of the email is examining what kind of demands are being made if there is a payment request. In most cases, it is safe to assume that legitimate organizations, companies or institutions will not request that you make payments in gift cards or Bit Coin. This is a common request in scam emails where payment extraction is an end goal. If you have questions about payment requests or whether your accounts are overdue, login to your account online and check your balance, alternatively you can directly contact the company or organization and request they provide you with your account balance and method of payment.
Images and links.
Refrain from clicking on images and links on suspicious emails until you have been able to establish that they are safe links to visit. Sometimes a link may say one thing but point to somewhere else completely different. One way to identify this is using the trick of hovering your mouse cursor over the link without clicking on it. Typically when you do this, either on the bottom right or bottom left of your screen, additional information will appear which shows the true link address.
For example, a link may say “Click on www.google.com/login to change your password” but the actually link itself may point to somewhere else. This is a strong indicator that the link is not safe to visit. Another way to check a link is to carefully use your mouse to “right-click” and copy the link address, then go to your search engine and paste the link in there to search (be careful not to enter the link and visit the site). The search results may provide additional insight into whether the link Is legitimate or not.
There are times when scammers or malicious players try to send an email which includes an attachment file, encouraging you to open and perform tasks on it. Sometimes emails may arrive from known contacts, however they may have been compromised and are forwarding the virus attachment automatically. If you receive an email which you believe to be suspicious and includes an attachment, it is recommend that before downloading or opening the file, to scan it with anti-virus software. If you have received a suspicious email from someone you are familiar with, the best course of action is to wait before downloading the file and contact the person directly to verify the that the file is safe to download and view.
Set Your SPAM Filter.
Finally, make sure that you have your SPAM filter set up on your email account. What’s a SPAM filter? A SPAM filter helps to sort out legitimate emails from potentially malicious messages. You can learn more about SPAM filters here: https://www.pcmag.com/encyclopedia/term/51792/spam-filter.
SPAM filters are a great way to quickly lower the number of ‘junk’ email you receive, but also make sure to check in ever so often in-case a legitimate email does get sorted into here.
There simply isn’t a sure-fire guarantee that you will not be targeted from a potentially malicious email, unless you don’t have an email. However, with the help of these techniques and staying vigilant, you’ll be in a good spot to detect potential threats and protect yourself and your business from threats.
If there is a virus or threat to your technical threat to your business or have fallen victim to an email scam, it is recommend that you contact your local authorities and as well contact the Canadian Anti-Fraud Centre for further guidance: http://www.antifraudcentre-centreantifraude.ca/reportincident-signalerincident/index-eng.htm.
Consumer Protection Ontario: Report Scam or Fraud
Canadian Anti-Fraud Centre
RCMP: E-mail Fraud/Phishing