June 17, 2020, Kathmandu
No matter how many social media or chat platforms thrive, emails still remain the primary means of communication in most organizations. It always has been the most professional way of sharing confidential data like customer personal information, account information, work planning, reports, and so on. That is why we are going to look at how to detect scam emails to prevent any unauthorized access to sensitive data.
Cybercriminals have been very active since the beginning of the COVID-19 pandemic. We continue to see phishing scams, data breaches, and other types of cyberattacks. Phishing attacks trick mail recipients into opening malicious links and attachments.
The latest phishing email examples include a scam where people received mails from addresses disguised as “WHO”. For instance, the words “WHO” and “community” in the email address can trick certain users into believing that the mail is from the World Health Organization (WHO).
Such phishing scams target users who are most likely to click on the malicious links. In doing so, the links and attachment download Trojan and viruses into the device which will cause enormous security issues.
Moreover, it could also download ransomware into your computer that locks the device files and demands a ransom in exchange for the data.
Thus, we need to constantly remain vigilant when it comes to downloading email attachments or clicking on links.
Let’s discuss how to detect scam emails to raise phishing email awareness.
5 Ways How to Detect Scam Emails
1. Crosschecking the Sender’s Email Address
The first thing to keep in mind is that no legitimate organization will send an email from a public email domain such as Google. This means that you are most likely to receive suspicious emails from addresses that end with ‘@gmail.com’ or other public email domains.
Not even Google sends you an email using the Gmail address.
However, it may not be true in all cases since small operations may still be using public emails. So, the best way to verify the email address is by checking the organization’s domain name in a search engine.
Here is an example of a phishing email disguising as PayPal:
It is almost believable and most users would not notice the flaw here.
Now, here’s how to identify spam emails in such cases. Take a look at the sender’s address.
Clearly, ‘paypal@notice-access-273.com’ looks suspicious since ‘PayPal’ is not used as the email domain but the email id of the sender.
Even though it uses a PayPal logo on the top, it still is a scam.
Pay attention to the details!
1. Looking at the File Extension
Checking out the file extension is also a way how to detect scam emails. When you receive a file attachment, make sure to pay closer attention to the file extension. For instance, a file with .jpg extension is an image file and the one with .doc is a text document file.
Now, the extension that you don’t want to see in an email is the .exe, which is an executable file. So, these files can install malware into your device and compromise your privacy.
Furthermore, these types of files skip antivirus detection and email attachment protection software.
In fact, some threat actors may also use it.Doc and.Docx extension to infect devices.
Filenames that end with an m may contain malicious macros that execute a task through a series of instructions. For example – .docm, and .xlsm.
Other file extensions that you might want to avoid are .jar, .cpl, .bat, .msi, .js, .com, and .wsf.
2. Legit Emails Do Not Ask You To Confirm Personal Information
As authentic as an email looks, if it asks you to confirm your personal information via attachment, it’s a dead giveaway.
Threat actors will try everything up their sleeves to make the email look like the real deal. By keeping an eye out for such emails that ask for your personal information, you can avoid major security risks.
Simply, don’t click on any link or download attachment. In fact, don’t even reply.
1. Check the Content of the Mail
If everything checks out, try taking a closer look at the content. Sometimes, you have to read between the lines.
You can often tell if an email is a scam by just going through the content of the email. It usually contains poor spelling and grammar.
In fact, legit companies usually call you by your name if you hadn’t noticed.
Take a look at this email from Daraz online shopping:
An important thing to notice here is that the email domain name checks out. Likewise, it has the company’s logo and email format.
But, did you notice how it calls the recipient (or customer) by their name?
Phishing emails generally address recipients using “Dear account holder”, or “Dear valued member”. The reason is quite obvious! Phishing scams often target multiple accounts and so the emails go out in bulk.
1. Scammers want you to Panic
The scammers can only benefit when you click on a malicious link or download an attachment. For this, they try to generate fear or a sense of urgency.
Hackers love a crisis after all!
However, taking time out to think and observe might just save you a fortune.
What if someone emails you saying that your account may have been compromised? Or, your account will be closed if you do not act immediately?
That would definitely inflict panic to some extent. And, in that moment of panic, you might skip the obvious and do whatever the mail instructs you to do.
You might notice something like “WARNING!” or “HURRY UP!” in your mail which is most likely a scam.
Why?
It’s because legitimate companies tend to inform you calmly and professionally even when it’s an urgent matter.
However, some phishing scams can be as subtle as possible. So, you might want to keep an eye out for every small detail that we mentioned above in this article.
So, makes sure you take the time out to think reasonably. Don’t act on panic.
And, if you are unsure about what to do, try contacting a friend or an expert.
Final Say
When in doubt, throw it out – that’s what to do with suspicious emails. If you suspect a foul play in your email with suspicious links or attachments, just delete it.
Or, have it checked out by an expert.
It is not uncommon for cybercriminals to capitalize on your fear. They know how a normal person would react to certain circumstances.
Therefore, seek expert advice and avoid opening any suspicious emails.
A step further would be to spread this piece of info, especially to employees who are working from home. Awareness among employees will ensure data and privacy security of an organization.
