We have all had an email sitting in our inbox that makes us ask the question – “Is this email legitimate?”
Below we have included four easy questions to ask yourself to check if the email (and therefore any attachments or links) is legitimate. This article will provide you with some clarification and understanding of how to sort through your inboxes, and show you how to recognise which emails might be malicious.
The first thing to know is that cyber criminals tend to do research on their targets. Spear phishing emails (targeted attacks) are sent directly to you, not just “Hi,” or “Dear customer”. They are often carefully crafted with knowledge the criminals have researched from the internet. How much personal information do you place on your social media? Social media is a very common research tool used by cyber criminals. That way, they can discuss things that are relevant to you.
- The first question you should be asking is: do you know the person who is sending the email or are you expecting an email from that person?
- Does the email address it has been sent from look strange? For example: email@example.com or firstname.lastname@example.org (when you do not have a Commonwealth Bank account)
- Does the email signature lack a name or contact details, or look unprofessional? For example:
  “Thank you for trading with us.”
  Does the email signature look different to a previous email from the same place? For example: You have an account with PayPal, and you have often received emails from them in the past, but the most recent email does not have the same email signature.
- Does the content talk about something unexpected or just plain weird? Or perhaps the spelling and grammar are not up to standard? Some simple things to look for are:
  - Is there a link to click within the email, and is the link taking you to the site that you think it should be? Hover over the link on a PC and look at the address. On a mobile phone, hold your finger on the link and see where it says it is going to.
  - Is there a file to download? Often, criminals send files, invoices and documents which contain malicious content. If you are not expecting the file, DO NOT download it. Contact the sender via a known, trusted number or email and ask them what it is about. Never reply to the email, as that just goes back to the criminal.
  - Are they asking for personal or confidential information? Criminals often ask people for something personal or confidential in their attempts to research more about a person or company.
If you are still in doubt, please make sure you do not download any attachments or click on any links you are not 100% sure about. Give us a call for peace of mind and let us look further into it for you.
-In collaboration with Layer 8 Security