What to do if you suspect a malicious email?
-
Contact the organization by using a telephone number from a credible source
-
Do NOT forward the email to anyone
-
Do NOT click the Enable Content in any documents, even if the instructions say so
-
Contact the Service Desk if you are not sure, they can look at it on your computer.
Email Red Flags
1. FROM:
- The sender's email address as someone you do not ordinarily communicate with.
- The email is from someone outside of the organization and it’s not related to my job responsibilities.
- This email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character.
- The sender's email address from a suspicious domain (like micorsoft-support.com).
- You don't know the sender personally and they were not vouched for by someone else.
- You don't have a business relationship nor any past communications with the sender.
-
This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone you hadn't communicated with recently.
2. TO:
- You were cc’d on an email sent to one or more people, but you don’t personally know the other people it was sent to.
-
You received an email that was also sent to an unusual mix of people. For instance a seemingly random group of people at your organization whose last names start with the same letter, or a whole list of unrelated addresses.
3. DATE:
-
Did you receive an email that you normally would get during regular business hours, but it was sent at an unusual time like 3 a.m.?
4. SUBJECT:
- Did you get an email with a subject line that is irrelevant or does not match the content?
-
The email message a reply to something I never sent or request?
5. CONTENT :
- The sender asking you to click on a link or open an attachment to avoid a negative consequence, or to gain something of value.
- The email out of the ordinary, or it has bad grammar and or spelling mistakes.
- Intimidation or Rushing: If you receive an email unexpectedly that is requesting information, money, or other actions in an unusually short period of time, then, be suspicious. By rushing or intimidating you, email hackers are hoping that you won’t take the time to scrutinize the email for flaws.
- Requests for Private or Sensitive Information
6. ATTACHMENTS:
-
Email attachments allow hackers to run malicious software when you open or download the attachment. If you receive an email attachment that you weren’t expecting, has an odd file name, or appears to be coming from someone who doesn’t normally send you files, begin searching for other red flags to determine if the email is malicious. Do not open or download the attachment until you have verified with your IT or security resource that the email is not malicious.
7. HYPERLINKS:
- I hover my mouse over a hyperlink that’s displayed in the email message, but the link to address is for a different website. (This is a big red flag.)
- I received an email that only has long hyperlinks with no further information and the rest of the email is completely blank.
-
I received an email with a hyperlink that is a misspelling of a known website. For instance, www.bankofarnerica.com - the “m” is really two characters – “r & n”)