We all get our share of spam. But how do we differentiate between simple commercial spam and the types of emails that want to get us in trouble, especially if we think it might be real and from someone we know?
The unsolicited commercial spam email is generally easy to recognize and discard, but what about more dangerous types of spam that might hurt your business? How can you determine if an email contains a malicious link or attachment, or is trying to scam you out of money or your personal or business information?
Knowing what you are up against helps you determine what to do with all that spam - whether it’s simply a nuisance or a landmine waiting to detonate.
Five tips for spotting malicious spam emails
Before we jump into determining what to do with a malicious email, there are a few general tips users should learn to spot red flags for malicious activity:
1. The sender address isn’t correct.
Check if this address matches the name of the sender and whether the domain of the company is correct. Sometimes the name will be someone you know (like your supervisor or boss) but the email address will be odd.
To see this, you have to make sure your email client displays the sender’s email address and not just their display name. Sometimes you need to train hawk eyes at the address, since spammers have some convincing tricks up their sleeve. For example:
In this example sender’s address, the email domain does not match the actual bank’s domain, which is santander.co.uk.
2. The sender doesn’t seem to know the recipient.
Is the recipient name spelled out in the email, and are you being addressed as you would expect from the sender?
Does the signature match how this sender would usually sign their mails to you? For example, your bank usually does not address you in generic ways like “Dear customer.” If the email is legit and clearly intended for you, then they will use your full name.
This one is not only in the wrong language, but it is addressed to no one in particular, and is not signed with an employee name you could contact for further information.
3. Embedded links have odd URLs.
Always hover first over the links in the email. Do not click immediately. Does the destination URL match the destination site you would expect? Will it download a file? Are they using a link shortening service? When in doubt, if you have a shortcut to the site of the company sending you the email, use that method instead of clicking the link in the email.
4. The language, spelling, and grammar are “off.”
Is the email full of spelling errors, or does it look like someone used an online translation service to translate the mail to your language?
Does this look like it came from a native English speaker? In fact, it was a very intricate phishing attempt.
5. The content is bizarre or unbelievable.
If it is too good to be true, it probably isn’t true. People with lost relatives that leave you huge estates or suitcases full of dollars in some far-away country are not as common as these scammers would have us believe. You can recognize when email spam is trying to phish for money by its promises to deliver great gain in return for a small investment. For historical reasons, we call this type of spam “Nigerian prince” or “419” spam.
Part of a long and entertaining mail about how the FBI is investigating a Facebook promo where you won US$10,000,000.
Original source: https://blog.malwarebytes.com
LedgersOnline provides affordable bookkeeping services for any business anywhere.