A phishing email is now the number one way cyber criminals use ransomware to attack their victims, such as your small business. Don’t understand what ransomware is? Click HERE to learn about ransomware. A single click by an employee can be as disastrous as if that employee had started a fire in the server room. So I often ask clients to send me a suspicious email rather than clicking on an attachment or link. I will send back a hint or two as to why the email looks like SPAM or, worse, a phishing exploit. I’ve been saying to myself I need to put this in a blog to help inform the layperson on how to spot these dangerous emails.
Generally, any single item below might be harmless, but think of the items as weights adding up on a scale, which would tip the balance toward ignoring the email or, better yet, sending it to an IT professional to test or examine. We would prefer to take 30 seconds to look at a suspicious email than the hours or potentially days it could take to clean off an infection or restore lost data.
So let’s get started…
1. You Aren’t The Recipient.
This is the easiest to spot. The “TO” portion of the email is either BLANK, just your email address, or even worse, addressed to someone else you know. This will be your first clue something might be amiss.
Attachment file names will take a bit of explaining. Depending on your Windows configuration, your computer will either display known file extensions or it won’t. We’ll discuss both:
If Windows hides known file extensions, a normal PDF or Word document attachment will simply display the document name, such as RicksArticle, with no “.pdf” or “.docx” extension. However, hackers sometimes attempt to fool you by putting a fake extension on the attachment. In that case, instead of seeing only the document name, you’ll see the document name plus a “.pdf” or other presumably safe extension. In the words of Admiral Ackbar, “It’s a TRAP!” You don’t know what the true extension is, so don’t open it.
If Windows displays known file extensions, it is somewhat easier to discern when a hacker has put on a fake extension, as you’ll see the attachment name as “RicksArticle.pdf.zip” or “RicksArticle.pdf.pdf”. If you see a fake extension, it’s a clear sign the attachment has something bad in store for you. The lack of a fake extension doesn’t make it safe, though. If the file is a ZIP file, such as “RicksArticle.zip”, it should be considered dangerous and not opened until you confirm it was sent by someone you trust. By that I mean contact them by text or phone, as their email account may be compromised. With today’s better methods of sending large files, very few people send zip files as email attachments, so seeing a zip file attachment is a BIG RED FLAG.
Generally, my advice is simply don’t open ANY attachment you aren’t expecting to receive from a person you trust. Even photos and PDFs can now carry malicious software.
3. From a Company You Don’t Use
Whether it is a bank, clothing store or other vendor, if you don’t patronize that business simply delete the email as it is a phishing exploit. By the way, the IRS NEVER communicates through email.
4. Vague or General Information Regarding The Account Holder
OK, let’s say this is a vendor you do patronize, but there’s nothing specific about you, the account holder, in the email. It’s addressed to “Dear Customer” or “Urgent Action Needed”. Obviously the attacker doesn’t have specific information about the account, so it’s a shotgun approach to get you to click on the link or open the attachment.
5. Malicious Links In The Email
I know what you’re saying, “Rick, if I knew what a malicious link looked like, I wouldn’t be reading this.” Good point. To me, any link which doesn’t go where I would logically expect it to go is malicious. The link should CLEARLY take you back to the originator’s business. Also, if the link has a country code in it and you aren’t living in that country, delete the email. For an explanation of country codes, click HERE.
6. Friends Sending Links
This one is a bit tricky. A good friend of yours sends you an email with a short message such as “Hey, look at this!” with a link. Contact your friend through another means, such as texting, asking if they truly sent you something. Many times they have clicked on something they should not and the result is it sends a malicious email to everyone on their contact list. Another situation is their account has been hacked. This is particularly true if it is a free account such as Yahoo or Gmail.
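The "weights on a scale" idea can be automated for the clues a program can see (items 1, 2, 4 and 5; items 3 and 6 need a human who knows which vendors and friends are real). This is an added example, not the author's tooling. The weights, threshold, decoy-extension list, function names and all addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Assumed weights and threshold: the article describes the scale, not the numbers.
WEIGHTS = {"not_addressed_to_you": 2, "double_extension": 3, "zip_attachment": 3,
           "generic_greeting": 1, "link_off_sender_domain": 2, "foreign_country_code": 2}
THRESHOLD = 3  # at or above this, forward to IT instead of opening
DECOYS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
GENERIC = re.compile(r"dear customer|urgent action needed", re.I)

def score_email(raw, my_address, my_cc="us"):
    """Return (score, sorted clue names) for one raw message."""
    msg, clues = message_from_string(raw), set()
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", [])) if a}
    if my_address.lower() not in to_addrs:  # item 1: blank or someone else
        clues.add("not_addressed_to_you")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        if len(pieces) >= 3 and pieces[-2] in DECOYS:  # RicksArticle.pdf.zip
            clues.add("double_extension")
        if name.endswith(".zip"):
            clues.add("zip_attachment")
        if part.get_content_maintype() != "text" or name:
            continue  # only scan inline text bodies for greetings and links
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        if GENERIC.search(body):  # item 4
            clues.add("generic_greeting")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):  # item 5
            host = (urlparse(url).hostname or "").lower()
            if host != sender_domain and not host.endswith("." + sender_domain):
                clues.add("link_off_sender_domain")
            tld = host.rpartition(".")[2]
            if len(tld) == 2 and tld != my_cc:  # two-letter TLD = country code
                clues.add("foreign_country_code")
    return sum(WEIGHTS[c] for c in clues), sorted(clues)

def sample_message():
    """Constructed sample; every address and host is a placeholder."""
    m = EmailMessage()
    m["From"], m["To"] = "Billing <billing@vendor.example>", "pat@smallbiz.example"
    m.set_content("Dear Customer,\nVerify at http://vendor-billing.example.zz/login\n")
    m.add_attachment(b"PK", maintype="application", subtype="zip",
                     filename="RicksArticle.pdf.zip")
    return m.as_string()
```

Calling `score_email(sample_message(), "rick@smallbiz.example")` trips all six clues; a score at or above `THRESHOLD` means the message goes to IT rather than being opened.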
As you can tell, the best advice is to not click or open anything in an email that you aren’t expecting or don’t feel secure about. The list above is common sense to most IT people. My hope is to make it more common among the Internet population in general. Lastly, the hackers are becoming more sophisticated each day. Talk to your IT group about detecting threats. The paradigm shift is toward detecting active threats. Be suspicious of all your emails and you’ll be a detective for active threats yourself.
About the author, Rick Rusch, CPA, CITP, CGMA
For over 25 years Rick has helped companies research & select an appropriate ERP accounting software solution. Recognizing the new dangers of the Internet age, Rick has focused on cybersecurity to help clients guard their digital data. Rick has degrees in accounting and computer science.