This guide provides a checklist and practical steps to help you identify and handle potentially dangerous emails. Always proceed with caution, but if something feels off, trust your gut and ask for help. There is no “boy who cried wolf” when it comes to digital security!
1. Review the Sender’s Information
- Check the Email Address: Look closely at the sender’s email address, especially the domain (the part after “@”).
- Example: An email from “[email protected]” might seem legitimate at first glance, but real bank emails usually end in their official domain, such as “yourbank.com”.
- Attackers often use small changes like extra letters, misspellings, or odd domains to mimic legitimate addresses.
- Verify the Display Name: Phishers may use familiar names to gain your trust. If the name seems right but the email address is off, be cautious.
2. Look for Red Flags in the Subject Line
- Suspicious Subject Lines: Phishing emails often try to create urgency or fear. Look for phrases like:
  - “Your account will be suspended!”
  - “Immediate action required”
  - “Unusual activity detected”
- Unexpected Attachments or Instructions: If the subject line suggests unexpected files or urgent requests (especially for financial or sensitive information), treat it with extra caution.
3. Examine the Content Carefully
Urgency and Pressure Tactics
- Phishing emails often use urgency to prompt quick action without much thought. Phrases like “Act now,” “Final notice,” or “Immediate response required” are common in phishing attempts. Well, more accurately, they’re common in all sorts of scams, but you can read more about that in our “Anatomy of a Scam” training: It’s free!
Suspicious Links
- Hover Over Links: Before clicking any link, hover your mouse over it to see the URL it points to.
  - If the link preview doesn’t match the sender or seems unusual (e.g., misspelled domains or extra characters), it could be a phishing attempt.
  - When in doubt, navigate directly to the website by typing the URL yourself instead of clicking.
As a little bit of a shameless plug: if your company doesn’t already use a third-party service to check links and scan attachments on mail from external sources, now might be a great time to Contact Us.
Spelling and Grammar Errors
- Many phishing emails have grammar, spelling, or formatting issues that wouldn’t typically appear in a professional email.
- Be on the lookout for poor language, unusual capitalization, or strange punctuation.
Unusual Attachments
- Be cautious with unexpected attachments, especially if they are .exe, .zip, .scr, .js, .bat, or other uncommon file types. These can contain malware.
- Common formats such as .pdf, .docx, and .xlsx are usually safe, but if you weren’t expecting the file, confirm with the sender before opening it.
Requests for Sensitive Information
- Legitimate companies will almost NEVER ask for sensitive information, like passwords, Social Security numbers, or bank details, over email.
- If an email asks for this information, verify the sender’s authenticity through a separate channel or alternative points of contact.
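The checks in sections 1 to 3 (sender address and display name, urgent subject lines, link text that doesn’t match its real destination, and risky attachment types) can be automated for triage. The script below is an added example written for this guide, not code from the original post or from any product it mentions. The trusted-domain allow-list, the urgency phrases, the lookalike threshold of two edits, and both sample messages are constructed for the illustration; the anchor-tag regex and the “last two labels” domain rule are deliberate simplifications.

```python
import email
import os
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed allow-list of domains the organisation trusts; a real deployment would
# load it from configuration rather than hard-code it.
TRUSTED_DOMAINS = {"yourbank.com", "example-corp.com"}
URGENCY_PHRASES = ("account will be suspended", "immediate action required",
                   "unusual activity detected", "act now", "final notice")
RISKY_EXTENSIONS = {".exe", ".zip", ".scr", ".js", ".bat"}
# Simplified anchor matcher; enough for the constructed samples, not a full HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
URL_LIKE_RE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value against a trusted domain signals a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Keep the last two labels of a hostname (simplification: no public-suffix
    list, so a domain like example.co.uk would be handled incorrectly)."""
    return ".".join(host.lower().split(".")[-2:])


def is_lookalike(domain: str) -> bool:
    """True when the domain is untrusted but within two edits of a trusted domain."""
    return domain not in TRUSTED_DOMAINS and any(
        levenshtein(domain, t) <= 2 for t in TRUSTED_DOMAINS)


def review_email(raw: bytes) -> list[str]:
    """Apply the sender, subject, link and attachment checks to one raw message.
    Returns one 'code: detail' string per finding; an empty list means nothing flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    brands = {re.sub(r"\W", "", t.split(".")[0]) for t in TRUSTED_DOMAINS}
    for addr in (msg["From"].addresses if msg["From"] else []):   # 1. sender
        domain = addr.domain.lower()
        if is_lookalike(domain):
            findings.append(f"sender-lookalike-domain: {addr.addr_spec}")
        name = re.sub(r"\W", "", addr.display_name.lower())
        if domain not in TRUSTED_DOMAINS and any(b in name for b in brands):
            findings.append(f"display-name-impersonation: {addr.display_name!r}")
    subject = str(msg["Subject"] or "").lower()                    # 2. subject line
    findings += [f"urgent-subject: {p!r}" for p in URGENCY_PHRASES if p in subject]
    for part in msg.walk():                                         # 3. links in the body
        if part.get_content_type() != "text/html":
            continue
        for href, text in ANCHOR_RE.findall(part.get_content()):
            target = urlparse(href).hostname or ""
            text = re.sub(r"<[^>]+>", "", text).strip()   # drop tags nested in the anchor
            if URL_LIKE_RE.fullmatch(text):
                shown = urlparse(text if "://" in text else "http://" + text).hostname
                if shown != target:   # displayed URL differs from the real destination
                    findings.append(f"link-text-mismatch: {text} -> {href}")
            if is_lookalike(registrable(target)):
                findings.append(f"link-lookalike-domain: {href}")
    for part in msg.iter_attachments():                             # 3. attachments
        filename = part.get_filename() or ""
        if os.path.splitext(filename.lower())[1] in RISKY_EXTENSIONS:
            findings.append(f"risky-attachment: {filename}")
    return findings


def build_sample(phishy: bool) -> bytes:
    """Constructed sample messages for the demo (not real mail): one phishing-style, one benign."""
    msg = EmailMessage()
    if phishy:
        msg["From"] = "Your Bank Support <alerts@y0urbank.com>"   # digit zero for the letter o
        msg["Subject"] = "Immediate action required: your account will be suspended"
        html = ('<p>Sign in at <a href="http://login.y0urbank.com/verify">'
                'https://www.yourbank.com/login</a> within 24 hours.</p>')
        data, subtype, filename = b"PK\x03\x04 not a real archive", "zip", "invoice.zip"
    else:
        msg["From"] = "Your Bank <alerts@yourbank.com>"
        msg["Subject"] = "Your monthly statement is available"
        html = '<p><a href="https://www.yourbank.com/statements">View statement</a></p>'
        data, subtype, filename = b"%PDF-1.4 not a real document", "pdf", "statement.pdf"
    msg["To"] = "employee@example-corp.com"
    msg.set_content("Please open the HTML version of this message.")
    msg.add_alternative(html, subtype="html")
    msg.add_attachment(data, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for label in ("phishy", "benign"):
        print(label, review_email(build_sample(label == "phishy")) or ["no findings"])
```

Running the script flags the phishing-style sample on every check (lookalike sender domain, brand name in the display name, urgent subject, link text that shows one address while pointing at another, and a .zip attachment) and returns no findings for the benign one. A script like this only triages; the human steps in the guide, hovering over links and verifying through a separate channel, still apply to anything it doesn’t catch.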
4. Check for Unusual Tone or Language
- Inconsistent Tone: If the email seems off in tone compared to past communications (e.g., overly formal or informal), it could be a sign of impersonation.
- Personalized Information: Spear phishing emails may use personal information, such as your name, job title, or recent activities, to make the email seem legitimate. While these details may appear convincing, always verify the context and sender. It’s also a good idea to check our Social Media Guidelines so scammers aren’t able to scrub your Facebook and LinkedIn to craft such convincing frauds!
- Language Matters: Scammers will sometimes use intentionally bad or broken English so that, post-scam, when their victims are trying to figure out where things went wrong, they’ll feel like they ignored some pretty obvious warning signs and, out of embarrassment, not report the scam. That’s some real next level chess strategy!
5. Use Tools and Verify Through Official Channels
- Spam Filters: Many email providers and internal systems automatically detect and filter phishing emails. While not all phishing emails are caught and personal vigilance is always essential, we do still highly recommend using a spam filter. If you don’t already have one, please Contact Us and we’d be happy to assist.
- Direct Verification: If you’re unsure about an email’s legitimacy, contact the supposed sender directly using official contact details (e.g., call your bank or coworker rather than replying to the email).
- Report Suspicious Emails: Follow your organization’s policy for reporting phishing attempts. Many organizations have a designated IT contact for reporting phishing.
6. What to Do if You Suspect an Email Is Phishing
- Do Not Click or Download Anything: If the email looks suspicious, avoid interacting with any links or attachments.
- Delete the Email: If you’ve confirmed it’s phishing, delete it from your inbox and trash folder to avoid future access.
- Report the Email: Inform your IT department or follow the steps in your email platform (e.g., “Report Phishing”) to help prevent further attacks.
- Do Not Reply: Never, ever feed the beast! If you reply, the scammers will know they’ve reached an active email address. Even if they can’t get anything worthwhile from you themselves, they can still turn around and sell your email as part of a list of active targets to other scammers. You’ll be opening the floodgates of scam and spam if you reply.
Example Checklist for a Suspicious Email
| Question | Check |
|---|---|
| Is the sender’s address correct? | ✅ |
| Does the subject sound urgent or alarming? | ✅ |
| Are there unexpected attachments or links? | ✅ |
| Are there spelling or grammar errors? | ✅ |
| Does it request sensitive information? | ✅ |
| Is the tone or language unusual? | ✅ |
| Have I verified the email through another channel? | ✅ |
By following this guide and staying alert, you can help protect yourself and your organization from phishing attempts. Remember: it’s better to be overly cautious than to fall victim to an attack.
2 responses to “Cybersecurity Training: Reviewing Suspicious Emails”