Protecting From Malicious Emails
In the modern digital world, email remains a fundamental communication tool, both personally and professionally. However, it is also a common vector for cyberattacks. This does not only affect your work email; your personal accounts will be targeted by these malicious campaigns as well. No system is perfect, so we must understand how to protect ourselves from these threats. Here we will go over how to recognize malicious campaigns and how to protect yourself.
Different Types of Malicious Emails
Malicious email campaigns are not only run by individual threat actors; they can also be purchased as a service. These campaigns attempt to deceive you into providing information or performing a task. Here are some of the most common types of malicious emails:
- Phishing: Just like fishing in the sea, and pronounced the same way, attackers cast a wide net by sending emails to lots of people. These emails try to get you to provide sensitive information, including but not limited to logins for banking or email accounts.
- Spear Phishing: Like phishing, but a more focused attack. Threat actors research you specifically to maximize deception.
- Malware: Emails containing attachments or links that can install harmful software, or forms that require you to log in.
- Business Email Compromise: Emails that impersonate individuals within an organization to deceive you into performing a task or providing information.
How to Recognize Malicious Emails
Now that you know the types of campaigns, here are some ways to recognize the red flags in emails:
- Suspicious Email Address: Check the sender's email address. This is sometimes confused with the “Display Name”, the name typically shown in place of the email address. On a mobile phone, you typically need to tap the name in the email to expose the actual email address. A malicious address might be very close to the legitimate one, so pay close attention.
- Urgent Language: Threat actors will use wording that demands immediate action or requires you to respond to them only via email.
- Poor Grammar and Spelling: Malicious emails are typically written in poor English. Now that threat actors can use AI to generate malicious content in near-perfect English, this sign may become less reliable as time goes on. Also watch for atypical greetings such as “Dear Customer”.
- Unexpected Attachments or Links: Be cautious with any attachments or links, even from known senders.
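The sender-address check described above can also be automated. The following Python sketch is an added example, not part of the original post; the trusted-domain list, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the reader actually deals with (constructed list).
TRUSTED_DOMAINS = ("example-bank.com", "example.org")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_red_flags(raw_message):
    """Return the red flags found in the From header of a raw email message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return ["no parsable sender address"]
    flags = []
    # The display name is free text chosen by the sender; if it shows an
    # address, that address must match the real one.
    if "@" in display and display.strip().lower() != address.lower():
        flags.append("display name shows a different address")
    # A domain one or two characters away from a trusted one is a lookalike.
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= 2:
                flags.append(f"domain {domain} resembles {trusted}")
    return flags

# Constructed sample messages (not real traffic).
LEGIT = 'From: "Example Bank Support" <support@example-bank.com>\n\nHello'
LOOKALIKE = 'From: "Example Bank Support" <support@examp1e-bank.com>\n\nHello'
SPOOFED_NAME = 'From: "support@example-bank.com" <billing@mail-relay.invalid>\n\nHello'

if __name__ == "__main__":
    for sample in (LEGIT, LOOKALIKE, SPOOFED_NAME):
        print(sender_red_flags(sample))
```

An empty list only means the From header passed these two checks; the other red flags in this list still apply.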
Best Practices for Protecting Yourself
In a previous blog post, Keeping You and Your Accounts Safe, we discussed ways to protect your accounts. In addition to those methods, here are some things you can do to further protect yourself and your devices:
- Don’t Engage: While it may be tempting to engage with these emails, do not respond or interact with attachments or links if any red flags are raised.
- Report the Email: Most email providers will have a report button to flag the email. This helps protect you and potentially other email accounts from the same malicious campaign.
- Delete the email: Delete the email from your inbox and forget about it.
Please be sure to check out the previous blog post, in which 2FA, anti-virus, password managers and much more are discussed.
These malicious email campaigns account for 74% of cyber breaches and attacks and are only going to rise. You are the first line of defense against threat actors. Be sure to back up your data and stay alert. Here is a video on how easy it is to fall victim: