Scam or fake emails are a fact of modern life, unfortunately. Every day inboxes are assaulted with scams attempting to trick users out of passwords, account access, money or other sensitive information. Even though email systems are increasingly able to filter out fake or spoofed emails, some messages inevitably sneak their way through to the Inbox.
Knowledge is power when it comes to security. To that end, below are several key signs that an email might not be legitimate and attempting to scam the reader.
A sense of urgency is a tell-tale sign, be it some form of stated deadline or plea to help in some dire situation or posed emergency. The pressure to make a quick decision or response is a key element of almost all forms of social engineering, including scam emails.
Mistakes in grammar, spelling or unusual word choices are often another key indicator something might be amiss with an email. Also, unusual greetings are another sign. If no one in your company ever begins an email with “Salutations,” then getting one might raise more than an eyebrow.
Understand that the name displayed as the email’s sender is just a label that’s easy to fake, like the first and last name of an important person. It’s akin to writing your From address on a postcard. That’s far easier to fake than the actual email address, and the displayed name does not guarantee the address it came from.
As for the email address, that’s another sign of fake emails. If the email From or Reply address is either from a free email account (like @yahoo.com or @gmail.com or @hotmail.com or similar) or from a domain that is one letter off from your company’s real email addresses, then it’s likely trouble. For example, if an email address at your company is email@example.com then immediately raise suspicion if the email address the mail came from is firstname.lastname@example.org (spelled with an N instead of an M) or @c0mpany.com with a zero instead of an O. These tricks of using a slightly misspelled name don’t hold up to any scrutiny but can be enough to trick someone that only glances at the email with too many unread messages overwhelming their Inbox.
Emails from someone that normally doesn’t send you a message might be another indicator of a fake message. If a person never has direct contact with the Chief Financial Officer, and then a message from the CFO asking for a quick favor to go purchase several iTunes gift cards for a company-wide promotion should be a red flag.
And as with all emails these days, be wary of links or file attachments. Hovering the mouse over a link without clicking it can help inspect where a link really goes. Be sure to scan email attachments with anti-virus programs, and keep Microsoft Office files like Word documents or Excel spreadsheets in ‘safe mode’ (read-only and not editable mode) if at all possible to avoid macro viruses.
Finally, if an email gives any pause for concern but its legitimacy is hard to tell, just ask someone from your Security department to look it over. Much better to verify a potentially questionable email than to launch a system-wide virus, from both your perspective and that of your Security department!