Can You Identify a Malicious Email?
A recent trend in email hacking, called social engineering, is a modern twist on an old trick. Many of us know and understand that we shouldn’t open emails from people we don’t know. We shouldn’t click suspicious-looking links in emails from people we do know. And we shouldn’t provide any personal or financial information via email.
However, as social engineering has become easier, the world of malicious and fake emails has become trickier. Social engineering allows cyber criminals to send more personalized emails to people. They create emails that manipulate the end user into trusting them. They make their messages convincing by conveying urgency, using familiar email addresses or names, requesting verification of personal information, or posing as a boss or coworker.
At first glance, these emails will look completely normal. They may even have all the right information including logos and company names. A healthy amount of distrust and the ability to discern a suspicious email from a legitimate one should be a top priority for your company and its employees.
You receive an email from your boss with an urgent, strange request that is not necessarily out of the realm of possibility. You’ve likely already opened the email but haven’t clicked the link or acted on it because the request was just a bit off.
If it’s giving you pause, check the email address. Is the name correct? Is it spelled correctly? Does it match the format of company email addresses? Where is it from? It’s likely that one of these will not match and you can safely delete that email. Still worried you just deleted an email from your boss? Call them; if the matter was urgent, a phone call would be quicker anyway.
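The sender checks above, written out as an added Python example (not part of the original article). The company domain, the first.last address format and the staff directory are assumptions made up for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumptions for this example (constructed, not from the article):
COMPANY_DOMAIN = "example.com"                    # hypothetical company domain
ADDRESS_FORMAT = re.compile(r"^[a-z]+\.[a-z]+$")  # hypothetical format: first.last
STAFF = {"Dana Reyes": "dana.reyes@example.com"}  # display name -> real address


def check_sender(from_header: str) -> list[str]:
    """Return the reasons a From header deserves a second look (empty if none)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    findings = []

    if domain != COMPANY_DOMAIN:
        # "Where is it from?": the mail claims a sender outside the company.
        findings.append("external-domain")
        # "Is it spelled correctly?": near-miss spelling of the company domain.
        if SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio() >= 0.8:
            findings.append("lookalike-domain")
    elif not ADDRESS_FORMAT.match(local):
        # "Does it match the format of company email addresses?"
        findings.append("unusual-address-format")

    # "Is the name correct?": a colleague's name attached to a different address.
    known = STAFF.get(name)
    if known and known != addr:
        findings.append("name-address-mismatch")
    return findings


# Constructed sample From headers.
SAMPLES = [
    "Dana Reyes <dana.reyes@example.com>",
    "Dana Reyes <dana.reyes@examp1e.com>",
    "Dana Reyes <dana.reyes.ceo@gmail.com>",
    "IT Support <helpdesk@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

An empty result only means these checks found nothing. The From header can be forged, so the phone call is still the way to confirm an unusual request.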
You receive an email from Facebook (or a similar site) stating information has been updated on your account. However, you can’t recall updating anything, so you hesitate before clicking to verify.
The first check would be the email itself. It’s very likely it looks like a Facebook email you’ve received before or something you would imagine them sending. If this is the case, let’s avoid verifying anything through the email. Log in to your account and see if your information has changed. If it has, then you can assume your account has been compromised. If the information hasn’t changed, then you know that the original email was fake and needs to be deleted.
There are many other ways to easily check the validity of an email, and this article from Online Tech Tips does a great job of outlining them.
At the end of the day, make sure your employees have current training on how to spot malicious emails. Show them examples and have them talk through scenarios and identify parts of an email that look suspicious. A short training session now can eliminate a security threat later.