Tips & Tricks: Identifying Malicious Emails

Photo by Torsten Dettlaff: https://www.pexels.com/photo/black-and-gray-digital-device-193003/

In today’s business landscape, Cyber Security plays a pivotal role in safeguarding operations, which we know you value as much as we do. With the rise of Artificial Intelligence, Cyber Criminals are finding it easier and easier to produce convincing spam emails that could fool the best of us into replying, or paying money into an account we shouldn’t. That’s why we’ve put together our top five Tips & Tricks on identifying potentially malicious emails, and how you should deal with them.

 

Tip 1 – Check the Email Address

Most email apps will just show you the ‘Display Name’ (usually the first & last name) of the sender. This is great for convenience but doesn’t give the full picture. You should always check that the email address itself appears to be genuine by scrutinizing it for any spelling or grammar errors & out-of-place characters or numbers. For example, would you notice if one of our emails came from an address ending in the domain @cirrusit.co.uk, rather than our actual domain, cirrusits.co.uk?

When you are reading an email, Microsoft Outlook (Desktop app) usually shows the email address next to the sender’s name in <> brackets, for example:

FROM: John Doe <john.doe@domain.com>

Alternatively, you may need to hover over the sender’s display name to see the full address.

 

Tip 2 – Look out for Urgent or Alarming Language

Most malicious emails will attempt to create a sense of urgency in the recipient to pressure them into doing something they shouldn’t. If you receive an email from your ‘boss’ asking for an immediate payment into an account, or a contract will collapse, consider whether this is a realistic situation before responding to the pressure of the message.

 

Tip 3 – Verify all Sensitive & Financial Requests via an Alternate Channel

Any requests for access to sensitive or personal information, or requests for the transfer of funds, should be verified by a secondary comms channel such as telephone. If you receive a request from your manager by email to make a payment, call them first to confirm – they’ll appreciate your awareness and care on these matters.

 

Tip 4 – Be Wary of Links & Attachments

Always be wary of any link or attachment from a sender whose identity you haven’t verified. Hover over any links in an email to view the full URL and assess whether the embedded link ‘YouTube Video’ is sending you to YouTube.com, for example, or somewhere suspicious. Attachments should be treated with even greater caution, as even just previewing a document can infect your PC with malware. If the file name sounds suspicious or generic (e.g. BUSINESS INVOICE.docx) – ignore & report it to your IT team. Don’t open or preview any attachment that doesn’t come from a sender you have verified & trust, even if it seems legitimate.
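For IT teams who want to automate the checks from Tip 1 and Tip 4, here is an added example (not part of our original tips or any product we ship) that flags a look-alike sender domain and links whose visible text doesn't match their real destination. The brand list, the 0.9 similarity threshold and the sample message are assumptions made up for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"cirrusits.co.uk"}     # the genuine domain named in Tip 1
BRAND_HOSTS = {"youtube": "youtube.com"}  # assumption: brand word -> expected host

def check_sender(from_header):  # judge the real address, not the display name
    addr = parseaddr(from_header)[1]
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return addr, "trusted"
    # Heuristic: nearly identical to a trusted domain, but not equal to it
    near = any(SequenceMatcher(None, domain, t).ratio() >= 0.9 for t in TRUSTED_DOMAINS)
    return addr, "lookalike" if near else "unknown"

class LinkAudit(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.href, self.text, self.links = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append(("".join(self.text).strip(), self.href))
            self.href = None

def mismatched_links(html):  # text names a brand, but the host is somewhere else
    audit = LinkAudit()
    audit.feed(html)
    bad = []
    for text, href in audit.links:
        host = (urlsplit(href).hostname or "").lower()
        for brand, good in BRAND_HOSTS.items():
            if brand in text.lower() and not ("." + host).endswith("." + good):
                bad.append((text, host))
    return bad

# Constructed sample message parts (not taken from a real email)
SAMPLE_FROM = "Cirrus IT Support <helpdesk@cirrusit.co.uk>"
SAMPLE_BODY = ('<a href="https://video-share.example/watch">YouTube Video</a> '
               '<a href="https://www.youtube.com/watch?v=x">YouTube Video</a>')

if __name__ == "__main__":
    print(check_sender(SAMPLE_FROM), mismatched_links(SAMPLE_BODY))
```

A "lookalike" or mismatch result is a prompt to verify through another channel as described in Tip 3, not proof that the email is malicious.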

 

Tip 5 – Trust Your Instincts

If your gut is telling you that an email doesn’t seem genuine, then trust that feeling. Your IT department (us) are here to help with any issue you may be facing, and that includes identifying a potentially malicious email. We can never confirm or deny the authenticity of any email with 100% certainty but will be able to advise you on a course of action based on the available evidence. Even if the email turns out to be genuine, it’s better to be safe than sorry.