Avoiding Malicious Emails

Phishing Scam

A large proportion of online attacks and viruses arrive through fraudulent emails, sent by people trying to obtain your personal data, passwords or financial details, or trying to plant malicious software. Implementing and following good security practices can help you avoid falling victim to these emails.

Fake emails often display the following characteristics:

  • The sender’s email address doesn’t reflect the trusted organisation’s website address
  • The email is sent from a completely different address or a free web mail address
  • The email does not use your proper name, but uses a non-specific greeting like “dear customer”
  • A sense of urgency; for example the threat that unless you act immediately your account may be closed
  • A prominent website link. These can be forged or seem very similar to the proper address, but even a single character difference means a different website
  • A request for personal information such as user name, password or bank details
  • The email contains spelling and grammatical errors
  • You weren’t expecting to get an email from the company that appears to have sent it
  • The entire text of the email is contained within an image rather than the usual text format
  • The image contains an embedded hyperlink to a bogus site

What should you do if you’ve received a malicious email?

  • Do not click on any links in the scam email
  • Do not reply to the email or contact the senders in any way
  • If you have clicked on a link in the email, do not supply any information on the website that may open
  • Do not open any attachments that arrive with the email
  • If you think you may have compromised the safety of your bank details and/or have lost money due to fraudulent misuse of your cards, you should immediately contact your bank

Avoiding malicious emails

  • Block dangerous file attachments such as executables (.exe), compressed files (.zip) and macro-enabled Office documents (.docm and .xlsm). A lot of malware and viruses are sent this way
  • Don’t display email addresses on your website. These will be scraped by attackers. Instead, a contact form can be used to send enquiries without sharing the recipient’s email address
  • Configure SPF and DKIM records. These won’t stop you getting spoofed emails but will help reduce attackers’ ability to impersonate your own email addresses
  • Enable Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) on your mailboxes. This makes it more difficult for an attacker to access your account even if your email address is accidentally leaked
  • If an email is financially motivated and either of high value or out of character and unexpected, verify the message with the sender by a second means of communication (verbal, telephone, SMS, etc.), in case they themselves have been either compromised or spoofed
  • Use email filtering services to block most spam. Some emails may still get through to your Junk folder or your Inbox
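
For mail administrators, several of the warning signs listed earlier and the attachment types named above can be checked automatically. The following is an added example, not part of the original article: the function names, the short webmail list, the 0.9 similarity threshold and the example-bank.test domains are all assumptions made for illustration.

```python
import difflib
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: short sample list
RISKY_EXT = (".exe", ".zip", ".docm", ".xlsm")  # attachment types named in the article
SIGNS = {"generic-greeting": re.compile(r"\bdear (customer|user|member)\b", re.I),
         "urgency": re.compile(r"\b(immediately|urgent|account (may|will) be closed)\b", re.I)}

def same_site(host, trusted):
    return host == trusted or host.endswith("." + trusted)  # exact domain or a subdomain

def triage(raw, trusted):
    """Return the warning signs found in one raw message claiming to come from `trusted`."""
    msg, found = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender in FREE_WEBMAIL:
        found.append("free-webmail-sender")
    elif not same_site(sender, trusted):
        found.append("sender-domain-mismatch")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            found.append("risky-attachment:" + name)
        if part.get_content_maintype() != "text" or name:
            continue  # only scan inline text parts for wording and links
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        found += [label for label, rx in SIGNS.items() if rx.search(body)]
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = (urlparse(url).hostname or "").lower()
            if same_site(host, trusted):
                continue
            # A near-identical spelling is the single-character difference described above.
            close = difflib.SequenceMatcher(None, host, trusted).ratio() >= 0.9
            found.append(("lookalike-link:" if close else "other-domain-link:") + host)
    return found

def constructed_sample():
    """Constructed test message; every name and address in it is made up."""
    m = EmailMessage()
    m["From"] = '"Example Bank" <support@examp1e-bank.test>'
    m.set_content("Dear customer, act immediately: http://examp1e-bank.test/login")
    m.add_attachment(b"-", maintype="application", subtype="octet-stream", filename="invoice.docm")
    return m.as_string()
```

Calling `triage(constructed_sample(), "example-bank.test")` returns one label per warning sign found. A message that raises none of them is not thereby proven safe, so the advice above still applies.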

If you would like more help addressing email-related issues, get in touch and see what BlueRockIT can do for you.