Identifying Email Spam and/or Email Scams

The unfortunate reality of modern technology is that no matter what technology you have blocking malicious emails from your inbox, a few will make it through. The key to protecting your information technology systems is to educate your employees on how to identify email phishing scams.

Follow these tips to identify phishing email scams from cyber criminals.

Duplicitous Senders

First, review who sent the email. Is it a person or brand from whom you normally receive correspondence? Is the display name correct? It could be fake. After analyzing over 760,000 email attacks, Return Path noted that nearly half of them were counterfeit.

The fraudulent email appears to be legitimate since most user inboxes only display the name. Don’t trust the displayed name.

Don’t open the email:

  • If you don’t recognize the sender’s email address, or it is from a suspicious domain.
  • If it is from someone outside of your organization and the subject is not related to your job duties.
  • If it is from someone you know and it is not typical of what you normally receive.
  • If it is not from someone you know, or from someone a trusted source has told you to expect correspondence from.
  • If no business or personal relationship has been established and you have not received any past messages.
  • If it is an unusual email with an embedded hyperlink or an attachment from someone you do not know, or are not expecting.

Hovering your mouse over any embedded link in the body of the email will allow you to review the link address. If you would like to verify a suspicious link, copy the link into the search engine of your choice, such as Google, Yahoo, Bing, etc. This will tell you immediately if the website link is legitimate.

Exercise Caution with Mass Emails

Don’t open the email:

  • If you don’t know the other people the email was sent to.
  • If the email was sent to a random group of individuals, such as people whose last names start with the same letter or a list of unrelated email addresses.
  • If it was addressed with an ambiguous greeting, such as “valued customer,” not a personal salutation with your name.
  • If something is off with the brand imagery in the header of the email. Common identifiers are misspelled words and poor grammar. A popular example: the “m” is really two characters, “r” and “n.”
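
The sender, hover and "rn"-for-"m" checks described above can also be run automatically over a raw message, for example in a mail filter or a reporting tool. The Python code below is an added example, not part of the original article; the brand list, the sample message, the flag names and the function names are constructed for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumption: brands this mailbox legitimately hears from (constructed entry).
KNOWN_BRANDS = {"example bank": "examplebank.com"}
# Constructed sample: trusted display name, "rn" domain, link text hiding its target.
SAMPLE = ('From: "Example Bank Support" <billing@exarnplebank.com>\n'
          'Content-Type: text/html\n\n<a href="https://exarnplebank.com/verify">'
          "https://examplebank.com/login</a>")
HOST_RE = re.compile(r"\s*(?:https?://)?(?:[^/@\s]*@)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

def host_of(text):
    """Host of a URL or bare hostname (scheme, userinfo skipped); '' if not URL-like."""
    m = HOST_RE.match(text)
    return m.group(1).lower() if m else ""

class LinkCollector(HTMLParser):  # collects [href, visible text] for every link
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def phishing_flags(raw):
    """Return the warning signs found in one raw single-part HTML message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender, flags = addr.rpartition("@")[2].lower(), []
    for brand, legit in KNOWN_BRANDS.items():
        if sender == legit or sender.endswith("." + legit):
            continue  # really sent from the brand's own domain
        if brand in name.lower():
            flags.append("display-name-not-backed-by-domain")
        if sender.replace("rn", "m") == legit.replace("rn", "m"):
            flags.append("rn-for-m-lookalike-domain")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    return flags + ["link-text-differs-from-target" for href, text in collector.links
                    if host_of(text) and host_of(text) != host_of(href)]
```

Calling phishing_flags(SAMPLE) reports all three signs, while a message sent from the brand's own domain with an ordinary "Sign in" link reports none.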

Other Phishing Identifiers

Don’t open the email:

  • If email from this sender is normally received during regular business hours, but this one was sent at 2:00 am, not its usual time.
  • If the subject line and the (previewed) body of the email do not match or are irrelevant to each other.
  • If there are spelling errors, bad grammar, or terminology not generally used to discuss the topic presented.
  • If the sender is urging you to click on a link to avoid negative action, such as having your credit card suspended, or to gain something of value, such as claiming your lottery winnings.
  • If the email instructs you to review an embarrassing photograph or video of yourself or an acquaintance.
  • If the email from a brand or business lacks a company signature or information on how you can contact them.
  • If the email uses reprisal or threatening language warning of consequences if you do not act urgently, such as “by not clicking on this link and providing us with your login credentials, your account will be terminated.”

Malicious Attachments and Links

Don’t open the email:

  • If the email attachment does not make sense in the context of your relationship with the sender, if a relationship has been established, or does not make sense in relation to the email message.
  • If the file type is an executable file that you are not expecting, or another potentially dangerous file type, don’t click on it or link back to it.

One way to protect yourself is to follow this age-old advice: “when in doubt, don’t.” Trust your instincts.
