How to identify a malicious email or website

Everyone gets their share of spam. Some more than others, but how can we tell between simple commercial spam and the types of emails that could be attacking your computer.

The unsolicited commercial spam email is generally easy to recognize and discard, but what about more dangerous types of spam? How can you determine if an email contains a malicious link or attachment, or is trying to scam you out of money or your personal information?

There are five major flags for spotting malicious emails –

1. The sender address isn’t correct.
Check if this address matches the name of the sender and whether the domain of the company is correct. To check this, you must make sure your email client displays the sender’s email address and not just their display name.

2. The sender doesn’t seem to know the addressee.
Is your name spelled out in the email, and are you being addressed as you would expect from the sender? Does the signature match how this sender would usually sign their emails to you? Your bank usually does not address you in generic ways like “Dear customer.” If the email is genuine and clearly intended for you, then they will use your full name.

3. Embedded links have weird URLs.
Always hover over the links first in the email. Do not click immediately. Does the destination URL match the destination site you would expect? Will it download a file? Are they using a link shortening service? When in doubt, you can type in the website of the company sending you the email, use that method instead of clicking the link in the email.

4. The language, spelling, and grammar are “off.”
Is the email full of spelling errors, or does it look like someone used an online translation service to translate the email to your language? Banks and other businesses will make sure an email is professional and doesn’t include mistakes before sending it.

5. The content is bizarre or unbelievable.
If it is too amazing to be true, it probably isn’t true. People with lost relatives that leave you huge estates or suitcases full of dollars in some far-away country are not as common as these scammers would have us believe. You can recognize when email spam is trying to phish for money by its promises to deliver great gain in return for a relatively small investment.

If you have a possible malicious email that you would like an expert to check, please do not hesitate to contact us.

By: Matthew Clark