7 tips on how to identify and detect malicious emails
Updated at: Sep 03, 2020
Email is an important communication tool, especially for companies. But on the other hand, email is also the main vector for threats and cyber attacks. With that in mind, can you imagine what a click on a simple and dangerous link or attachment might cause?
It’s no exaggeration to say that financial and intellectual losses could be astronomical due to an intrusion or data breach.
By the way, according to an IBM report, the biggest cost of a data breach is lost business, because a successful attack damages the company's brand and directly impacts the acquisition and retention of customers and businesses.
Phishing and BEC (Business Email Compromise)
Speaking of scams, phishing emails are one of the most used types of malicious emails. A phishing scam happens when the fraudster tries to trick someone with the intention of stealing sensitive data.
According to the FBI, phishing is the most common cyber attack in the world, with the largest number of victims.
There are also the famous BEC scams (Business Email Compromise), or CEO Fraud. BEC is a targeted and advanced fraud that aims to persuade people to take an action, such as making a wire transfer.
FBI data points out that BEC attacks caused losses of USD 1.7 billion last year. As a result, due to the damage done, BEC has become one of the worst and most dangerous types of malicious emails.
To help spread cybersecurity awareness, here are our 7 tips that can help you identify and fight malicious emails, such as spam, phishing, and BEC.
How to spot and detect malicious emails
1. Sender's address is wrong or suspicious
Check if the sender's address is correct. Cybercriminals deceive you through the little things, the details. Sometimes it is just one letter that makes the difference and what should be firstname.lastname@example.org becomes email@example.com.
This tactic’s name is spoofing. It’s widely used in malicious emails. According to the FBI, spoofing scams caused more than USD 300 million in losses in 2019.
2. Links and call-to-action buttons can be dangerous
The use of malicious links is one of the main characteristics of a malicious email. So never click on a link or call to action button immediately.
When you hover over them (without clicking), take a look and examine the address that appears at the bottom of your browser. Make sure this address looks real and authentic. If something looks suspicious, don't click.
Here, at Gatefy, it's common for our artificial intelligence-based system to detect and block malicious emails that attempt to impersonate famous brands, such as Netflix, Apple, Samsung, and Microsoft, for example. Be careful!
3. Attachments can be even more dangerous
It's strictly forbidden (yes, forbidden) to immediately open an attachment that you were not expecting. If it’s from someone unknown to you, delete the email. Don’t think twice.
If it’s from someone you know or an organization that you do business with, you need to check the email before opening the file. If necessary, contact the sender via phone, for example, to confirm that the email is legitimate.
The use of malicious attachments is another feature of malicious emails. In these cases, the huge problem is that these files hide malware and other dangerous threats, such as ransomware, trojans, viruses and spyware.
According to Europol, targeted phishing emails or spear phishing are one of the main vectors of ransomware. In addition, the European agency says that 48% of malicious files used in email phishing scams are Office files.
Again, Gatefy's email protection solution is able to identify this type of malicious email.
4. Spelling and grammar errors indicate frauds
This is a quick tip. Be wary of emails that are full of misspellings or grammar errors. Typing errors are an indication of a malicious email.
Probably, someone from a country other than yours is trying to lure and then take advantage of you and your business in a negative way.
5. Miraculous and super lucrative offerings don't exist
If you receive an email with promises of big profits and little investment, sorry to say that, but it’s probably not true.
The web is full of spam, phishing and other types of malicious emails about inheritances, lottery prizes and great investments. Beware!
6. Pay attention to how people you know write
Accounts can be hacked and signatures can be mimicked. Malicious emails of Business Email Compromise are a good example.
So, you should be wary of emails that don’t look like the emails you usually receive from a particular person, such as your boss, co-worker or bank account manager. Pay attention to the way the email was written and the signature.
7. Be wary of urgent emails and sensitive information requests
Just think about it: if an issue is urgent and has top priority, it’s usually solved in person or by phone.
Don’t believe every email you receive with the subject ASAP (As Soon As Possible) or that requires you to share important data. Those are a sign of fraud, or a malicious email.
How to protect my business email
In business, the adoption of an email security solution is essential for sensitive data to remain safe and protected.
Gatefy is a startup specialized in cybersecurity with a focus on protecting against malicious emails.
Our solutions are based on artificial intelligence and machine learning, and compatible with different email providers, such as Office 365, G Suite, Exchange and Zimbra.