How to Identify a Malicious Email

December 4th, 2013 by admin


Continuing our blog series about Cryptolocker and Ransomware attacks, we need to explain the fundamentals of identifying a malicious email or attachment. Only through education and proper awareness can we effectively avoid Ransomware and other malware attacks.

Identifying a Malicious Email: The Fundamentals

Below is a list of five basic safeguards you should know and practice before opening email messages and attachments. These rules should become second nature to you.

1.  Outlook may flag a message as unsafe or as a potential phishing email by displaying a warning. Do not disregard this warning!

  • Note: A phishing email is a scam attempt in which a criminal claims to be a reputable establishment in an effort to lure a victim into handing over private information.

[Image: Phishing message warning]

2.   Does the subject line or body of the email seem out of character or unusual given the sender, especially if you are not expecting an email from that organization or person? Think twice (or three times) about this!

A common phishing email comes in the form of an email from the Postal Service or UPS alerting you to a problematic shipment or delivery, and urging you to take action in some way. We will use UPS as our primary example to explain this point.

  • First, if you see an attachment, delete the message immediately. Legitimate UPS emails (as well as those from many other organizations including banks) are for notification purposes only and will never include attachments.
  • Second, UPS will not send emails like this; in most cases, it would instead return the shipment to the original sender/vendor or advise the customer to log in to the official UPS website with a tracking number.
  • Third, if there is no specific information about the shipment and vendor included in the email (e.g., "your order of a Vitamix from Bed, Bath, and Beyond being sent to Los Angeles, CA"), the email is most definitely a fraud.

This document from UPS provides a variety of examples of fraud emails to look out for.

3.   Always check hidden links if you are urged to unlock an exciting offer, view your account, etc. by clicking a hyperlink.

Hover your mouse (without clicking) over the hyperlink to reveal its real address. If you see something strange or unexpected (think a lot of random numbers and letters, a strange domain you've never heard of, etc.), delete the email right away.

  • In all cases, it is always better to log in to your accounts (banking, mortgage, online retailers, etc.) directly on the website rather than through a link in an email.

4.   Are you being urged to log in to an account by clicking a link? Are you being threatened in any way if you don't act quickly?

Some examples may be "log in to your account now before..." or "you will be charged unless you act now," etc. Any statement which urges you to act by clicking a link or opening an attachment should raise a red flag. If you want to check an account, navigate to the appropriate website via your internet browser and log in this way.

  • The image below shows a phishing email cleverly disguised as a friendly message from Chase bank. In this case, the recipient should navigate to www.chase.com and log in the old-fashioned way in order to check the status of his/her account.

5.   Take special care any time an attachment is included in an email message!

Common unsafe attachment types are .htm and .zip files, which will often appear to come from a reputable source (a bank, mortgage lender, distant relative, etc.). Do NOT open an attachment unless you are absolutely 100% sure you know who the sender is and you were expecting an email from them. Refer back to Safeguard #2 for more information about suspicious attachments.

Putting it all Together

The sample email image below shows several tactics used to uncover phishing emails.

At first glance it may look like an innocent email regarding an Intuit account, but upon further inspection, it is clearly a fraud.

[Image: Phishing message example]

Video - How to Identify a Malicious Email

The tips above should help you get started properly identifying (and avoiding!) infected email.

We recommend you watch the video below for more information about spotting malicious emails. We did not create this video and are in no way associated with this company, but think there are many excellent tips to be gained here. It may be worthwhile to send this to your entire staff.

Don't be a victim!

Check out the other articles in our Cryptolocker and Ransomware blog series to get more information about protecting yourself:
