While most people use spam filters and antivirus software, spam and phishing emails can still slip through and into your inbox. The email recipient is the most critical element in preventing an attack. The following are some tips on how to judge the authenticity of a questionable email.
Incorrect Grammar/Spelling/Text Body
Many phishing emails contain misspellings because some of these messages have been poorly translated from other languages. Additionally, you will want to pay attention if the time or date appears in the message body of an email. If the email contains the date format of DD/MM/YY or 24-hour time, it is likely that the email’s point of origin was outside of the United States.
Email Format/Absence of Logos/Plain Text Email
Most legitimate messages will be written with HTML and should be a mix of text and images. A poorly constructed phishing email may show an absence of images, including the lack of the company’s logo. If the body of an email consists only of an image of text, it’s possible that it is not legitimate. While Outlook blocks showing images by default, if the email is all plain text and looks different from what you’re used to seeing from a frequent sender, you may want to contact the sender directly in a new email or phone call.
Urgent Request for Personal Information
One tactic that is commonly used by hackers is to alert you that you must provide and/or update your personal information about an account (e.g., Social Security number, bank account details, account password). Phishers will use this tactic to drive urgency for someone to click on a malicious URL or download an attachment in an attempt to infect the user’s computer or to steal their information.
High-risk attachment file types include .exe, .scr, .zip, .com and .bat. Most spam filters will generally do a good job of quarantining those formats. Most companies commonly send and receive .zip, .doc, .docx, .xls, .xlsx, .ppt, .pptx and .pdf files. However, a malicious sender can implant harmful code in those formats as well. Once you open such an attachment, your computer is already compromised. Be cautious if you have been sent an email that has an attachment and the sender is questionable. You should verify the legitimacy of the email first and then examine the context of why the attachment is being sent.
Links in the Email
A common practice is to avoid blindly clicking on links in emails. Outlook allows you to hover over a link before clicking on it. If the link in the body of the email is different from what Outlook's hover preview reports, it is not legitimate. Even if it seems legitimate, open a new browser window and type the URL directly into the address bar. If you’ve clicked on a link, a phishing website will look identical to the original; however, your system may already be compromised.