It seems like we are inundated with spam emails and malicious attachments nearly every day. They can be challenging to identify, especially if you don’t know what to look for. This article will discuss some tips on avoiding these types of emails and what to do if you think you may have received one. We’ll also review some resources that can help you stay safe online.
Signs that an email may be malicious
It can be difficult to determine the legitimacy of an email with 100% accuracy. However, some warning signs can be relatively easy to spot. Here are the common traits of a malicious email:
- The sender address is unknown to you, or the name and address do not match
- The email asks for personal information, such as your password or credit card number
- The subject line is vague or nonspecific
- There are grammar or spelling errors in the body of the email
- The message contains unexpected or strange attachments, links, or images
- You were not expecting to receive this email
- The message is threatening or contains alarming language
Let’s take a closer look at each of these:
The sender address is unknown to you, or the name and address do not match
One of the first things you should do when receiving an email is to check the sender’s address. If you don’t recognize the name or email address, that’s a big red flag. Even if you think you may know the person, it’s best to err on the side of caution and verify that the email is legitimate. You could do this by doing a simple Google search or asking the person directly if they sent you the email.
Don’t reply to the email to verify it’s legitimate – even if the return address looks correct, the sender’s email account may be hacked and in the control of bad actors. Look up the main number of the sender’s employer, then call and ask for them by name. If they don’t work there or tell you they did not send the email, let them know that their account may have been compromised and delete the email.
The email asks for personal information, such as your password or credit card number
Never, under any circumstances, should you ever provide personal information in response to an email. Even if the email looks legitimate, there’s no way to know for certain who is on the other end. If you need to update your information with a company, go directly to your account on their website and update it there. Again, please do NOT use any links in the email to do this, as they could be malicious.
The subject line is vague, nonspecific, or imparts urgency
A lot of times, spam emails will have subject lines like “Please reply ASAP,” “Important!” or “You’ve won!” They may also contain specific topics with an urgent call to action. The email contents are similarly designed to entice you into taking some action, such as clicking a link or opening an attachment. Other common subject lines used in phishing or malware emails (many variations of these exist in the wild):
- “Password compromised – immediate action required”
- “XXX Policy Update, please review and accept” (XXX = vacation, sick leave, COVID, etc)
- “Your order confirmation” (includes bogus receipt with high dollar amount)
- “Security alert”
- “Your message was not delivered”
- “Your XXX account has been locked” (XXX = Facebook, Twitter, Instagram, LinkedIn, etc.)
- “Your XXX may have been compromised” (XXX = Visa, Compromised, Online banking, etc.)
If you’re not expecting an email with that subject line, or it doesn’t apply to you, it’s probably best to delete it. If you are unsure, directly contact the organization that purportedly issued the message via telephone, online chat, support form, etc. DO NOT reply to the email, click any links or open attachments.
There are grammar or spelling errors in the body of the email
This is another common trait of spam emails. Often, these emails are not written by native English speakers, so there are grammar and spelling errors throughout the email. This is another red flag that should cause you to delete the email.
The message contains unexpected or strange attachments, links, or images
If you’re not expecting an attachment in an email – especially if it’s from someone you don’t know – do not open it. The same goes for links. If you’re unsure about the legitimacy of an email, hover your mouse over any links to see where they will take you before clicking on them. And finally, be wary of any emails that contain images – especially if those images look like they could be advertisements.
If an email contains no text in the body or is nothing but an image, that’s another red flag. These emails are often used to deliver malware or viruses, so it’s best to delete them.
You were not expecting to receive this email from this sender
If you don’t know the person who sent you the email, or if you do but were not expecting to receive an email from them, it’s probably best to delete it, or at the very least reach out to them by some verified means (NOT by reply) to check if they sent it. Unless you are certain that the email is legitimate, there’s no way to know for sure who is on the other end.
The message is threatening or contains a demand for money
Cybercriminals most commonly send threatening emails with the intent of blackmailing or extorting their victims. The sender may make any number of claims, such as that they have access to your passwords, financial accounts, or that they have compromising pictures, texts, or emails from you, and they intend to release this information unless you pay them.
Some businesses have recently been receiving cyber extortion emails in which the sender claims that they have gained access to the private data of the business or the business’ clients and that this data will be released to the dark web unless money is paid.
While it may be tempting to submit to the sender’s demand for money, the most likely outcome is that the sender will carry out their threat anyway and return to extort the victim again. Nor should you try to engage or negotiate with the sender. Your best course of action is to preserve the email and any follow-up communications you may receive and have someone attest to witnessing that you received these materials. Then report the incident to the FBI’s Internet Crime Complaint Center (IC3) immediately, and contact your local FBI field office to inform them.
What to do if you think you’ve received a malicious email
If you think you may have received a malicious email or attachment, there are a few steps you can take to protect yourself:
- Do not click any links in the email or open the attachment;
- Delete the email from your inbox and empty your trash or spam folder;
- Run a virus scan on your computer to ensure that there is no malware present.
Here are a few resources that can help you stay safe online. The Federal Trade Commission has a website called On Guard Online, which provides resources and tips on how to stay safe online. The National Cyber Security Alliance also has a website, StaySafeOnline.org, which offers information on cybersecurity and safety. Finally, the Department of Homeland Security’s Stop.Think.Connect campaign is another excellent resource for staying safe online.
Staying safe online takes a bit of effort, but it’s well worth it to protect yourself from spam emails and malicious attachments. Hopefully, these tips will help you keep your inbox safe from spam emails and malicious attachments! Stay vigilant, and stay safe!