Malicious emails are pretty much everywhere. Companies of all shapes and sizes and across all industries are being routinely affected by them. Over 54.6% of all emails are spam. What's more, statistics also show that the average user is subject to roughly 16 malicious spam emails per month.
For this reason and together with a lack of proper security training, an organization's employees are considered to be the second highest security threat, right after outdated software. What makes malicious emails so effective, and employees so vulnerable to them is a psychologically manipulative tactic known as social engineering.
In short, social engineering is the skill of gaining access to restricted areas such as a company's systems or data banks by exploiting human psychology. So, instead of relying on the traditional ways of technically hacking into a system, social engineers will usually pose as a respected authority such as a colleague or institution, to trick a person into giving up sensitive information like passwords or personal data.
But while these tactics are continuously improving, some telltale signs indicate when an email is dangerous or not. Below are four ways to identify and fend off these malicious emails.
The Sender's Address
A typical email address looks like this: John.Smith@example.com. The first thing to check is the sender's address and make sure that it matches the sender's name. In other words, the John Smith found in the address also needs to be present in the email, itself.
Secondly, the domain name, in this case, example, should be the same as the one used by the company which is reportedly sending it. Even the smallest variation such as @example-sm.com can be a red flag indicating a malicious email.
Most malicious emails have links embedded within them. When you receive one such email, the sender will ask you, for whatever reason, to go on the link provided there. Make a habit of hovering your cursor above the link for several moments so that its URL presents itself.
If that URL is long, weird, and does not match the expected destination, the chances are that you will be redirected to a compromised website. Do not click on it, and instead, contact the supposed sender directly to see whether they sent that email or not. The same thing goes for attachments. Do not open them unless you are 100% sure about their origin.
If you notice any spelling, punctuation, or grammar mistakes in an email, especially if it's from an institution such as a bank, for instance, it's most likely a malicious email. Banks and other institutions have entire teams of professional content writers, which means that these sort of mistakes should not happen.
Sense of Urgency
Most malicious emails will give off a sense of urgency and a call-to-action, as it were. Be it "a bank" that asks you to go on a provided link to update your information, "a colleague" asking you for sensitive data, or even someone saying that you've won some prize. All of them give off a sense of urgency or something too good to be true.
As a general rule of thumb, you never provide sensitive information over email, regardless of who's asking or even if it's work related. Exchanging files and information via email with colleagues, partners, or subcontractors should only be done when using a secure file transfer system or if you are entirely sure about the source.
Reputable banks and other such institutions will never ask you for your credentials over email; they will not tell you that you owe them money, or that your computer is infected with a virus. If you're ever faced with these sort of emails - which you probably will - the best course of action is to delete the email and contact the supposed sender directly and inquire about the email's veracity.
Titanium Cobra offers out of the box solutions when it comes to network security as well as staff training services. Our team is solution-oriented and always ready to help design, develop, implement, and maintain your IT systems in the most secure way possible.