
Avoiding Phishing and Malicious Email

 

Some phishing scams send you emails using deceptive email addresses or even through the email address of someone you know. If you click on the link or file or follow the instructions in the email, the scammer can potentially acquire sensitive information from you or harm your computer.

Some techniques for identifying phishing and malicious emails are outlined below.


Sender

The email is probably phishing or malicious if

  • you don't recognize the sender's email address as someone you ordinarily communicate with.
  • the email is from someone outside your organization and is not related to your job responsibilities.
  • the email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character.
  • the sender's email address is from a suspicious domain (like "micorsoft-support.om").
  • you don't know the sender personally and he or she was not vouched for by someone you trust.
  • you don't have a business relationship or any past communications with the sender.
  • it is an unexpected or unusual email with an embedded hyperlink or an attachment from someone you haven't communicated with recently.

 

Subject

If you answer yes to either of these questions, you probably should not trust the email.

  • Did I get an email with a subject line that is irrelevant or does not match the content?
  • Is the email message a reply to something I never sent or requested?

 

Hyperlinks

The email is probably phishing or malicious if

  • you hover your mouse over a hyperlink that’s displayed in the email message, but the link-to address is for a different web site. (This is a big red flag.)
  • you received an email that only has long hyperlinks with no further information and the rest of the email is completely blank.
  • you received an email with a hyperlink that is a misspelling of a known web site. (For instance, "www.bankofarnerica.com," in which the “m” is really two characters: “r” and “n”.)
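
The first and third checks above (a displayed address that differs from the link-to address, and a misspelled look-alike of a known web site) can also be run automatically over an HTML message body. This is an added example, not part of the original article; KNOWN_SITES, the look-alike pairs beyond "rn" for "m", and the sample body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_SITES = {"bankofamerica.com"}  # assumption: sites your users really visit
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # first pair is the page's case; rest assumed
DOMAIN_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def bare(host):
    return re.sub(r"^www\.", "", host.lower())

def skeleton(host):
    for fake, real in CONFUSABLE:
        host = host.replace(fake, real)
    return host  # spoofed and genuine names collapse to the same string

KNOWN_SKELETONS = {skeleton(site): site for site in KNOWN_SITES}

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so stray text is dropped
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return ("mismatch", shown, target) and ("lookalike", target, real) tuples."""
    collector, findings = LinkCollector(), []
    collector.feed(html_body)
    for href, text in collector.links:
        target = bare(urlsplit(href).hostname or "")
        shown = [bare(h) for h in DOMAIN_RE.findall(text)]
        if target and shown and target not in shown:
            findings.append(("mismatch", shown[0], target))
        real = KNOWN_SKELETONS.get(skeleton(target))
        if real and real != target:
            findings.append(("lookalike", target, real))
    return findings

SAMPLE = """<a href="http://login.example.net/verify">www.bankofamerica.com</a>
<a href="http://www.bankofarnerica.com/signin">Sign in</a>
<a href="https://www.bankofamerica.com/help">www.bankofamerica.com/help</a>"""  # constructed sample body
```

Calling audit_links(SAMPLE) flags the first link as a mismatch and the second as a look-alike, and leaves the third, genuine link alone.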

 

Attachments

The email is probably phishing or malicious if

  • the sender included an email attachment that you were not expecting or that makes no sense in relation to the email message. (This sender doesn’t ordinarily send you these types of attachment(s).)
  • you see an attachment with a possibly dangerous file type. (The only file type that is always safe to click on is a .TXT file.)

 

To

The email is probably phishing or malicious if

  • you were cc’d on an email sent to one or more people, but you don’t personally know the other people it was sent to.
  • you received an email that was also sent to an unusual mix of people (for instance, a seemingly random group of people at your organization whose last names start with the same letter, or a whole list of unrelated addresses).

 

Date

If you received an email that you normally would get during regular business hours, but it was sent at an unusual time, like 3 a.m., you probably should not trust the email.

 

Content

If you answer yes to any of these questions, you probably should not trust the email.

  • Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value?
  • Is the email out of the ordinary, or does it have bad grammar or spelling errors?
  • Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
  • Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
  • Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?

 
