Folks working in IT might be aware of how to spot the red flags on a spam/phishing emails and the ones who don’t not so much. The lack of knowledge about cyber security is the reason why many of us are prone to cyber-attacks.
To survive in this fast technology-pacing world, we are responsible to lead a safe lifestyle. That means understanding what we are dealing with and learn to watch out for signs.
So, whenever you receive an email from anyone and I mean, anyone, the following are the details you look out for.
Check where the email was sent from – the sender address. Ask yourself this, do you recognize it? Are you expecting email from this person or that domain (the one after the “@”) – usually that’s the company/organization name. If it’s not something you recognize, then try googling the domain name, sometimes if the domain belongs to spam domain, you would probably get a hit.
Here is a site to check your domain or sender address check to see if its rouge/blacklisted – https://mxtoolbox.com/domain/
You may be wondering how a “To” address could possibly tell you it’s spam/phishing email. True, but there are certain aspects that would give away the authenticity. Check if its rightly addressed and only to you. If not, validate if you know the set of members it is addressed to; including if you are cc’d or blindly copied.
If it’s sent during odd times, it’s probably not legit.
Your content of the email should always match the subject. If it doesn’t, there’s a red flag right there. If the subject is it too enticing to be true or there’s no subject at all, it’s probably a fake email.
Malicious links can be really sneaky, and especially if someone wants to trick you into clicking it.
In-order to make sure the link is legit, always hover over the mouse over the link to check if the link displayed and the link-to address are the same. Do not click the link if it doesn’t match. Even if the link matches, make sure it’s not a downloadable link, it could download malicious file to your device.
Like you checked the reputation of the domain, similarly you check for the URL here – https://www.virustotal.com/gui/home/url
Little tip – If that link contains a malicious executable, Virustotal would expose it for you.
If the content is too good to be true, sender requesting to open the attached document or click on the link, asking you to enter personal information, content with too many grammatical errors or spelling mistakes are signs that it’s a spam/phishing email. One other major red flag is, if the content has too many legal terms that’s threatening or any warning saying it will lead to negative consequences if ignored.
If at least one of the above statements is true and then you should be careful about opening the document. If you still want to download – upload and scan the file before opening it using Virustotal (https://www.virustotal.com/gui/home/upload). If the file is hassle free but is requesting for any personal information that shouldn’t be asked over an email, it’s a clear bad sign.
Bear in mind, of all the ways you can become a victim of a cyber-attack, email scamming/phishing is the most used thus far. Hence knowing how to spot the signs is important to stay safe in this technology driven world.