Is This Email Real? What to Do If You Aren’t Sure an Email is Legit
/The average office worker receives about 121 emails per day. These consist of a mix of spam, phishing emails, along with the legitimate ones. That’s a lot of messages to have to sort through on a daily basis.
The sheer volume of email that a person has to go through daily coupled with the sophistication of fake phishing emails can make if easy for someone to accidentally click a malicious link or download a malware-laden attachment.
How many of those 121 emails per day are legitimate? Less than half. According to the “2019 Internet Security Threat Report” by Symantec, 57.5% of the email received in the U.S. is spam. Of that about 16 per month are malicious phishing emails.
If you have just 25 employees, that means there could be 400 chances each month for someone to get fooled into downloading a malware like ransomware into your network and initiating a data breach.
Many companies turn to modern office IT support and strong anti-spam and anti-phishing applications to help combat the constant influx of dangerous emails into employee inboxes, but the last line of defense is the employee who has to decide whether an email is legitimate or not.
What should you do if you aren’t sure about the legitimacy of an email you received? There are a few strategies you can employ to check out a questionable email before you unintentionally unleash a cyberattack.
Tips for Handling Emails You Aren’t Sure About
There’s a reason that phishing is the number one method used to deliver malware and malicious scripts designed to hack networks for any number of insidious reasons. It works.
Phishing uses multiple tactics such as a sense of urgency or offer of a sale to trick users into opening a seemingly innocent Word attachment or clicking a link to a website. Many high-profile data breaches that you hear about in the news are the result of a targeted phishing campaign designed to gain access to an organization’s network (such as the DNC email server hack during the 2016 election).
So how do you know if an email is a trap? Here are things you should do if you receive a questionable email that you’re unsure about.
Hover Over Any Links to Reveal their URL
An easy way to tell if that “bill” from AT&T is legitimate, is to hover over the link without clicking it to reveal the true URL.
Phishing scammers often spoof legitimate companies, using their logos and signature lines to make their fake emails look like the real thing. But by hovering over the URL, you can see (as in the example below) when a URL does not match the company it’s pretending to be coming from.
Look for Common Phishing Keywords in the Subject Line
There are certain keywords that phishing emails will employ to tug on your emotions to get you to open an email. Be very wary when seeing the following, which are the top keyword’s phishing scammers use according to the Symantec report.
· Urgent
· Request
· Important
· Payment or Outstanding Payment
· Attention
· Info
· Important Update
· Attn
· Transaction
Ask Yourself if the Email is Expected or Not
One tactic hackers use is the promise of a purchase order from someone, but it’s a company you’ve never heard of. Ask yourself if a questionable email is expected. Do you know the company sending it or the sender? Were you expecting a PO from this company?
Or if the email looks to be from a colleague (accounts are often hacked) ask if the language the person is using matches what you expect from them and double check with them to make sure they really sent it. Any emails out of the ordinary should be questioned.
Get a Second Opinion
It’s always better to pause and ask for a second opinion rather than click on a virus-laden attachment in a rush. If you have someone that’s computer-savvy at your office or an in-house IT person, ask them before you download or click anything on the email. If you use an IT provider, like BrainStomp, give them a call. We can often tell immediately whether an email is a phishing scam or not.
Look at the Header Source
If you click to view the header source code of the message, you’ll often find that the sender has a completely different email address than the email purports to be from. Just like when you hover over a URL, the raw source code of the message can often be an indicator or a phishing email.
Run All File Attachments Through a Malware Scanning App
It’s a good rule of thumb to run all email attachments through a malware and virus scanning applications before opening them. One of the most popular document types that phishing scammers use is a .doc (Word document) that most people would think was legitimate.
The most popular file types for malicious email attachments are:
· .doc, .dot (37%)
· .exe (19.5%)
· .rtf (14%)
· .xls, .xlt, .xla (7.2%)
· .jar (5.6%)
· .html, .htm (5.5%)
· .docx (2.3%
Find Solutions That Keep Phishing & Spam Away
The best way to mitigate the dangers of phishing email and anti-productive spam is to use a software that can keep these out of your employee inboxes in the first place. BrainStomp can help you deploy smart cybersecurity solutions to keep your network safe in the face of multiple threats.
Schedule a free security consultation with us today! Call 260-918-3548 or reach out online.