It’s another day at work. You log in to your computer, catch up on a few messages from coworkers, then move to tackle your inbox (sipping coffee all the while, of course) and what do you find? There is a Nigerian prince who needs your help, and he’ll send you plenty of gold for your efforts if you’ll just do one little thing and give him your banking information… Wow! How could you pass up on such an opportunity?!
Okay, let’s be real: in this day and age, you are not going to fall for such an obvious scam. As people become more aware of the threats posed by these kinds of emails, however, malicious actors adapt in kind. Rather than outright asking for your banking information, they frequently use more subtle methods. The precise objective of these kinds of messages can vary, from obtaining your log-in credentials for certain sites or services to establishing a secret back door through which they can slip past your company’s security measures, giving them access to your files, accounts, and more. In some attacks, they even target your organization specifically by impersonating a coworker or supervisor to kindle a false sense of security—these are called “spear phishing” attacks.
In the ever-changing landscape of virtual threats, it is best to look at your inbox with a healthy sense of skepticism and a “better safe than sorry” attitude. This list is not the end-all, be-all of recognizing suspicious messages, but it’s a great place to start!
Here are warning signs you should look out for that indicate you should take a second look before clicking that link or attachment:
1. The “from” address is odd
Are you getting an email from your boss that is coming from some random yahoo account rather than the company domain you are used to? That is a big warning sign that someone else could be trying to trick you for their own gain. It can be especially difficult to spot when it shows the sender’s “name” as something familiar while the email address is anything but.
You can apply this to emails from folks you don’t already have in your address book, too—if you are getting an email that is supposedly from Microsoft Support but the address domain doesn’t seem related to their company in any way, it warrants extra scrutiny. You can do a quick search online to see if other people have had problems with emails from the suspicious domain, or simply contact the company via another method to ask about the email so they can confirm whether it was legitimate or not.
It is worth noting that an email could also come from a legitimate email address if that person’s email has already been compromised and the scammers are sending emails from their account without their knowledge. For that reason, a trusted domain does not automatically mean that you can trust the contents of the message. Keep an eye out for the rest of the warning signs, as well!
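For readers who triage reported mail, the name-versus-address check from this section can be automated. The sketch below is an added example, not part of the original article; the names, domains, and free-webmail list in it are assumed values, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of these come from the article.
EXPECTED_DOMAIN = {            # display name -> domain it normally mails from
    "dana whitfield": "example.com",        # a hypothetical supervisor
    "microsoft support": "microsoft.com",
}
FREE_WEBMAIL = {"yahoo.com", "gmail.com", "outlook.com"}


def check_from(raw_message):
    """Return warning codes for the From header of one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ["unparseable-from"]
    domain = address.rsplit("@", 1)[1].lower()
    name = " ".join(display.lower().split())   # normalise case and spacing
    expected = EXPECTED_DOMAIN.get(name)
    warnings = []
    # Familiar name, unfamiliar domain: the case this section describes.
    if expected and domain != expected and not domain.endswith("." + expected):
        warnings.append("name-domain-mismatch")
        if domain in FREE_WEBMAIL:
            warnings.append("free-webmail")
    return warnings


# Constructed sample messages (only the headers matter here).
SAMPLES = {
    "real": 'From: "Dana Whitfield" <dana.whitfield@example.com>\n\nHi',
    "webmail": 'From: "Dana Whitfield" <d.whitfield.office@yahoo.com>\n\nHi',
    "brand": "From: Microsoft Support <help@account-verify.example.net>\n\nHi",
    "missing": "Subject: no sender\n\nHi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from(raw))
```

An empty result only means the display name and domain agree; a message sent from a compromised account passes this check, so the remaining warning signs still apply.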
2. The message is poorly written
Seeing a lot of misspelled words or grammatical errors? The chance that the message is a scam is much higher. That’s not to say that every message with a typo in it is a scam—human beings make mistakes, and no one will send emails that are 100% perfectly written every time.
Glaring errors can be a valuable warning sign, however, and it may be a good idea to check for other warning signs on this list. Sometimes scammers will even include obvious grammatical errors on purpose to weed out people who are already informed about the warning signs so they only have to interact with the folks who are the most susceptible to falling for their tricks.
3. The content is out of the ordinary
If you suddenly receive a message from a coworker asking you to download a report you’ve never heard of before or a message from a friend you haven’t heard from in a while asking you to check out this crazy new video going around, think twice before clicking that link or attachment. If the email doesn’t sound like it came from the person it claims to be from, chances are it may not be, and you should try to verify before exposing your computer to threats that could be hidden in the message.
If the message is coming from what appears to be a company you have an account with, keep in mind that any company should be trying to keep your information safe and will not ask you to follow unsafe practices in their messages, such as downloading attachments from unverified sources or clicking suspicious links in order to access your account. If you get a message saying you need to log in to your account to take action on something, be sure to get to the website on your own rather than clicking any links in the email itself. Scammers can set up websites spoofing legitimate ones in order to get your information or transfer a virus onto your computer.
4. They are asking for private information
Legitimate companies should not ask you to provide private information through unsafe channels—they don’t want to sound like scammers, after all! Before sending anyone information that could be harmful in the wrong hands, make sure that the receiving party is not a malicious actor. Try reaching out via an established, trusted channel—for example, via phone call or another method you have used before and verified with that company or individual—to confirm that they actually need the information requested in the email.
5. There is a strong sense of urgency
Scammers do not want you to take the time to think about whether or not the email they are sending you is legitimate—the longer you look at it, the more likely it is that you will notice something suspicious. To avoid this, they will sometimes include indicators that you need to click a link or download an attachment as soon as possible. Examples might include an email apparently from your boss telling you to complete this form RIGHT AWAY, or a threat that your account will be deleted in ONE HOUR if you don’t click this link to reactivate it. This kind of dramatic urgency is meant to alarm you, and it does often evoke the desired gut reaction. Try not to let the fear of supposed unpleasant consequences override your caution when it comes to email. Often, that fear itself is a great indicator that you should double check and ask yourself: Would your boss really email you something so important without calling to make sure you saw it? Would a company suddenly decide to permanently delete your account?
There is a strong chance these warning signs were already setting off alarm bells in your head without you being able to name them specifically—that gut feeling something can’t be trusted could be you recognizing them without even realizing it. It’s a good idea to trust yourself when an email feels “off” and double check to make sure it is safe. The cost of trusting a message too easily can be high, and it is better to err on the side of caution when it comes to the security of your information, your company’s network, and any clients you have.
If you have any further questions on how we can help your business to follow security best practices, please don’t hesitate to give us a call at (502) 742-2550. If you are already a client of ours, feel free to forward messages that seem fishy to you to our support desk—they are happy to help ensure you are safe and you can be an important part of keeping your organization secure!