How can you recognize and stop email malware attacks?
Email communication is reliable, cheap and almost instant. The popularity of email makes a perfect medium for cyberattacks, scams and spam, phishing and more. And these days, most malware is delivered via email. So how can you recognize and stop email malware attacks?
By Franklin Aguilar and Chris David
For many years, a notorious email from a “Nigerian prince” made the rounds, supposedly looking for help in moving five million dollars. The prince offered you a percentage of the funds. All you had to do was pay the bank transaction expenses. Of course the five million was purely fictional, and the scammer pocketed the money you sent.
Many people fell victim to this scam!
Since then, email has almost completely replaced regular mail (aka “snail mail”). Today our messages can be received immediately anywhere in the world. Along with popularity and ease of use, came scams and attacks.
Email attacks have evolved and increased in complexity and frequency. In fact, one of our readers told us about a time he fell victim to identity theft, via an email that seemed to be from someone he knew. So it’s crucial to know how to distinguish between a legitimate email and a malware attack.
Phishing, spoofing or spam?
Scammers have developed several ways to trick you into reading their messages and clicking their links. Many types of virus and identity theft scams are delivered via spam. Spoofing describes a type of scam where the sender/attacker develops addresses that look very similar to legitimate addresses (like “amason.com” instead of amazon.com).
Phishing refers to a specific type of cyberattack where the message sender lures you to a fraudulent website in the hopes of getting you to enter personal information.
Scammers will later use your information to gain access to financial accounts, open new bank accounts, obtain loans, or seize assets.
This is what happened to our dear reader.
How do you know an email is valid?
An incoming email might look valid. The message might have the same styles, fonts, colors and logo as a bonafide company. The message might even have your first and last name, along with other personal details.
But before you click anything, check the “from” field.
First, verify that the email comes from the correct domain. The domain is the part of the address after the @ symbol.
You can usually spot fake domains easily, like the previous example “amason.com”. Or abnormally long domains with a lot of strange characters.
Second, if the message has any embedded links, asking you to “click here” or “log in now”, put your mouse over each link. Your web browser (or email client) will show the destination page. If the site looks fishy, stop!
Lastly, for corporate users, you’re probably using an email client like Outlook. In some versions of Outlook, the “from” field might be hidden! Always configure your email client or app to display the sender address. Otherwise, you are flying blind.
Recognize the sender
When using email services at work or home, if you don’t recognize the sender, move that email straight to the trash bin. And when opening emails or clicking on links, always use good judgment.
If in doubt about any message, call the institution or sender that originated the message.
Email is an incredibly useful tool. But emails also open up your computer and network to attack. Review the sender and check the originating domain before you open the message. Check any links before you click.
Have you ever received a suspicious email? Tell us about the message and what you did. Leave a comment below.