8 scam email warning signs

The cyber threat landscape as we know it is pushing its way to the forefront of business’ biggest worries. The BBC reported on the 3rd October 2017 that the National Cyber Security Centre’s (NCSC) director, Jeremy Fleming, said ‘threats to the UK were developing as fast as technological advances.’ And, as if this isn’t worrying enough, ‘more than 1,000 incidents were reported to the NCSC in its first year of operation.’

It is now more important than ever to take cyber security extremely seriously in order to prevent an attack. As cybercriminals up their game and catch even the most vigilant of individuals via various spoofed emails, take a look at these scam email warning signs, which your clients and their employees should be looking out for.

For those who are already aware of the dangers we face with email, Symantec has launched comprehensive protection for business email compromise with the deepest visibility into advanced email attacks. If you’re an MSP or VAR and need to offer world class security solutions to your client base, ask our cloud specialists about the robust solutions available in CASCADE.

1. When was it sent?

By checking the time of when an email was sent, you can potentially identify hazards. For example, you get an email from your manager at 3.45am. Is this normal? Would you usually receive emails at this time from them? If not, don’t click.

It is also worth remembering that time also goes for the time of year. Around holiday seasons, and at the end of the tax year, cyber criminals are working overtime as more financial information is being shared online and online transactions are typically a lot higher.

2. Check the subject for…

A sense of urgency. Hackers use scare tactics to get you to bite the bate with ‘change your password now’, ‘you’re late with your payment’ or ‘you’ve been charged £34.21’. Do not fall victim to this. Think logically – you know if you’re late on a payment, and you can check your bank account for any deductions. Don’t rush and click through the email and if you do by accident, don’t be tempted to follow any links, download any attachments or send any of your personal details to the sender.

3. And then comes the content…

What does the email require you to do? Be vigilantly aware of anything asking you to urgently update details, claim a tax rebate or send your bank details. Hackers will try anything to get you to click through. Don’t trust it unless you are absolutely 100% sure it is safe. Another obvious, tell-tale sign is grammatically incorrect copy. This is particularly notable when the email is claiming to be from large organisations, such as your bank. The subject line may read something like:

Mr Bloggs, Important! Changes To Your Banking Terms and Conditions and Charges and our Banking made-easy brochure!!

Note that the example above includes unnecessary capital letters, extra exclamation marks and randomly placed commas.

4. Impersonation

4. Impersonation

The intelligence of today’s cybercriminals is unfortunately proving to work and is catching us out. Some emails now appear to be from someone you already know – an existing contact, but actually, they are an intelligent spoof. This is a very common way these criminals tempt us to click into the malicious email. Hackers do know that we are more inclined to click on emails if they are from somebody who we trust, and will use almost exact fake email addresses. Below is a quick made up example of how similar these may be:

Real: [email protected]
Fake: [email protected]

Spot the difference? The ‘walliscargo’ is simply missing one ‘l’. If you’re checking emails quickly, it’s highly likely that you wouldn’t even notice this tiny difference.

Sometimes, the hackers can use your internal email addresses to appear in the ‘from’ box. There may not even be an error to spot here so check for tell-tale signs such as email signatures and check if the email is being vague with details.

TIP: Many business email compromise attacks pretend to be senior executives such as your CEO or COO.

Ask us aboutrobust security solutions

Symantec offers a new feature available within the Advanced Threat Protection stack: impersonation controls and advanced email security analytics. It includes insights into both clean and malicious emails in Symantec.cloud Email Security to ensure that any possible threats will be detected and stopped.

5. To whom is it addressed?

A lot of the time, hackers will send many phishing emails to many recipients at one time. If you’re copied into a strange email, or don’t know who any of the recipients are, this should be a warning sign to not click on anything.

6. Check the hyperlinks BEFORE you click

If everything looks legitimate in the email, still don’t be fooled. Be even more vigilant by hovering over the hyperlink and checking the destination URL. If it doesn’t match what the description of the email is referring to, DO NOT click on it. If it is completely random, DO NOT click on it. Ensure that you are 100% safe to click before you do. If it appears to be from a colleague, or existing contact, contact the sender directly via phone to confirm whether or not they sent the email.

7. Attachments

Next, we move onto attachments. While they may seem harmless, some can contain malicious variations of malware. Generally, if you are not expecting an attachment, don’t open it as may be fraudulent. Another sign to look out for is the file type. Duplicate file types at the end of the file name is a strong indication that the file is compromised, for example ‘docx.docx’, as well as the well-known exe files that are common threat vectors for email.

8. Will it delete?

And finally, will the email delete from your inbox? If you swipe right to delete the mail and your phone displays a message like: unable to move message to the mailbox trash, this is a sign that the email is a scam. Depending on your device, contact the manufacturer for assistance with deleting unwanted mail.

Press enter or esc to cancel