Our Senior Security Solutions Architect, Anthony Owen, shares his top five email security tips on how to spot malicious emails and what steps to take.
After email changed our lives forever in the 1970s, it quickly became an essential tool for organisations to communicate. Fast forward to today, and email is now the number one route for cybercriminals to attack. So how do you keep your email secure?
- Verify the sender - The first step to identifying a malicious email is to verify the sender. Cybercriminals often use spoofing techniques to make their emails look like they originated from a legitimate source. Check the sender's email address and verify that it matches the domain of the organisation or person claiming to send the email. Be wary of suspicious or unfamiliar email addresses, especially those that include spelling errors or typos.
- Urgency or threats - Cybercriminals often create a sense of urgency or threaten the recipient to force them to act quickly without thinking. Be wary of emails that use language designed to create a sense of urgency or fear, such as "act now" or "your account will be closed." These are often attempts designed to trick you into clicking on a malicious link, downloading malware or entering account credentials into a webpage designed to mirror those that are commonly used in business and banking applications.
- Links and attachments - These are a common way for cybercriminals to deliver malware or phishing attacks. Be cautious of links and attachments from unknown or suspicious senders, or those that require you to enter personal or sensitive information. Verify the URL before clicking on any links and scan attachments for viruses before downloading them. Another frequently used technique is URL shortening. This presents the user with a “user friendly” wording for a link, but when clicked the link redirects to a malicious or phishing domain.
- Look for grammatical errors - Malicious emails often contain grammatical errors or spelling mistakes. Cybercriminals often use language that is designed to trick you into clicking on a link or opening an attachment, and they may not pay close attention to the quality of their writing. Often, the senders of these malicious messages are not writing them in their primary language.
- Requests for personal information - Cybercriminals often use phishing attacks to steal personal or financial information. Be aware of emails that request personal or sensitive information, such as usernames, passwords, or credit card numbers. Legitimate organisations rarely ask for this information via email, and if they do, they will usually direct you to a secure website or portal.
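The "verify the sender" and "links and attachments" checks above can also be automated at the mail gateway or in a reporting mailbox. The following is an added example, not part of the original article; the expected domain, the shortener list, the warning codes and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed list, extend as needed
HOST_RE = re.compile(r"(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

def bare_host(text):
    """Return the first host-like token in text, without a leading 'www.'."""
    match = HOST_RE.search(text.lower())
    return match.group(1) if match else ""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, read only at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_message, expected_domain):
    """Return warning codes for one single-part HTML message (an assumption)."""
    msg, findings = message_from_string(raw_message), []
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if sender_domain != expected_domain.lower():
        findings.append("sender-domain-mismatch")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, shown in collector.links:
        host = bare_host(urlparse(href).hostname or "")
        if host in SHORTENERS:
            findings.append("shortened-link")
        if bare_host(shown) and bare_host(shown) != host:
            findings.append("link-text-differs-from-target")
    return findings

# Constructed sample, not a real email: it claims to come from acme.example.
SAMPLE = ('From: "Acme Billing" <billing@acme-bi1ling.example>\n'
          "Content-Type: text/html\n\n"
          '<a href="https://bit.ly/EXAMPLE">https://www.acme.example/login</a>')
print(triage(SAMPLE, "acme.example"))
```

A shortened link hides its final destination, so a gateway would normally resolve it in a sandbox before delivery; this sketch only flags it.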