5 tips on How to Spot a Malicious Email

Email spam filtering is much better than it used to be.  For example with the anti-spam service I use I get maybe one spam email a week.   But no system is perfect and every now and then a malicious email will manage to slip into your inbox, so it’s critically important that you can recognise a malicious email when you see it as it can do serious damage.

We’ve seen over the last few weeks a dramatic increase in the amount of emails that are being received which contain malicious links.  If these links are clicked, they will download and install Crypto malware on to computers. 

So I’ve put together some tips for you to look at and maybe distribute to your staff to help them identify a malicious email –

1     Use the Outlook Reading pane to examine suspicious emails

I don’t have this set on all of the time but find it very useful when I receive an email that I’m just not quite sure about.  It’s easy to switch on and off.  If you’re using Outlook 2010 or 2013 to switch it on – Click on the View tab and then the Reading Pane button.  From the reading pane you can read the content without opening it.

2     Examine the email address

There are 2 important components of the email address that you see in Outlook.  One is the display name (the user friendly name) and the other is the actual email address.  The display name may tell you that it is from a specific person or business but you can get confirmation by using the reading pane and looking at the email address beside the friendly name.  If it doesn’t match then it’s likely to be malicious.  Sometimes though it can match and it’s then very important to follow the other tips.

3     If the email contains a link

If the email is asking you to click on a link the easiest thing to do is hover your mouse over the link without clicking on it.  If the link is not taking you to the website that email is supposedly from, it’s most likely malicious.

4     Look at the language in the mail

If the email starts “Dear customer” chances are its malicious.  Other language in the email is also a give-away to it being malicious.  I’ve received emails where it appears to be legitimate but the language being used isn’t quite right.  Remember any reputable business is not going to ask you to confirm your personal details by sending you an email.

5      It has an attachment

Sometimes there isn’t a link but an attachment instead.  It could be a zip file or other file format.  If you are not expecting it, don’t open it.  I received an email for my rates containing what appeared to be an invoice attachment, telling me I was overdue.  My immediate reaction was horror as I thought I hadn’t paid it but I took a breath and starting looking at the email and realised that it was a well-crafted malicious email.

If in doubt – call your IT support or delete it.

About the Author

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice. 

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Call us today at 1300 478 738 or email geoff@suretyit.com.au to find out more about how we go about achieving these outcomes.