How to Spot Malicious Emails

I’ve spent a good part of my career in and around email. I’ve learned a bit about what separates legitimate email from that nasty stuff sent by bad guys trying to hack into your online life.

Like locks on your house, email security technology isn’t perfect but it definitely makes it harder for bad guys to get in. In the last few years, bad guys have been switching strategies from picking locks to tricking you into unlocking the door yourself and inviting them in. You, the user, have become the weakest link in the chain. This approach to hacking is called social engineering.

How does this work? It’s easier than you’d think. The approach is called phishing and it refers to any email that purports to be from a legit sender (PayPal, Facebook, your bank, etc.) but whose real goal is to trick you into clicking on a link or opening an attachment. Since you are already on your computer and already logged in, these simple actions allow them into your computer where they build a secret back door you’ll never know about. After that, the bad guys can come and go whenever they like.

So, if social engineering and phishing are the biggest security threat, how do you know which messages and links to be suspicious of? Here are a few tips on spotting the bad guys:

  • Beware of “Dear Customer” – If you get a generic-looking notice from a site that should otherwise know who you are, be suspicious. Nearly all legitimate notices or alerts from sites like PayPal, Facebook, banks, etc., will include something personal about you, like your name or part of your account number.
  • Beware of bad English – This is funny but true. Most bad guys don’t speak English as their first language. Poor grammar from a respected business is the #1 way I spot suspicious content.
  • Beware of attachments – We all get email attachments, especially things like photos from friends or documents from work. Most of these are fine. But, unless you are sure the sender is legitimate, it’s best to avoid attachments. Opening an infected or malicious file is the surest and fastest way to get hacked. For example, UPS will never send you a ZIP file with your package tracking data – if you get a message like this, delete it and definitely do not open or read the attachment.
  • Beware of requests for personal info – If you get a message saying your account will be deleted or suspended unless you provide some personal information, it’s almost definitely a fake. For example, legitimate companies will never send you an email asking for your social security number.
  • Beware of security alerts from products or sites you aren’t familiar with – If you visit a website, see an online ad or get a notification from something other than the security software you know you are running, be very suspicious.
  • Beware of emails claiming to have updated software – Most of the software you’ve installed will tell you itself when it’s time for an update. Software vendors rarely send emails to inform you of updates. For example, Adobe Flash will never send you an email directing you to a website for an update – the update will come directly from your browser, operating system or system tray.
  • Link faking – This one is a bit technical but it is the most common trick. Let me give you an example of how this works. If a message claims to be from PayPal but the link points to something like jju88a.ru, you know something is wrong. Bad guys cover up the suspicious link with a legitimate-looking link like Paypal.com/account. Fortunately, if you hover your mouse over a link before you click it, most email programs will show you what the actual link looks like – if the actual link is suspicious or ends in something other than “.com”, don’t click.

The simplest advice is to trust your instincts – if something seems suspicious, just stay away.

Check out my other security posts: Read This If You’ve Been Hacked (or Want To Avoid It) and My Virus Checker Will Keep Me Safe, and Other Internet Security Myths.
