In December 2021, 45.37% of total emails were spam emails. According to the latest reports from Talos Intelligence, an surprisingly 84.82% of all emails are spam. 94% of malware is delivered via email.
Several types of cybercrimes are carried out through phishing emails. Every day, everyone of us gets a ton of emails, a large majority of which land in our spam folders. However, phishing emails frequently manage to bypass Email client software safeguards and reach our inboxes.
So, if you're wondering how to spot a fake email or, more specifically, how to tell if an email is genuine or fake, keep reading.
Ensure the sender's address is correct.
An email phishing attack can be identified by the attackers' use of well-known companies or individuals as a cover. The target of the cybercriminal will interact with the email since it appears to be from a real person or company.
🚦 Examine the email header information to ensure the sender's address is correct.
Legit companies or organizations usually send email from email addresses that have the company's domain name followed by the "@" symbol. For example, [email protected], [email protected], [email protected], etc. In other words, the company domain must follows the "@" symbol. To get such Email Address, you must own the domain name, or have an authorized person from the company to create one for you.
For example, if the sender claims that the email is from Meezan Bank, the sender's email address should contain @meezanbank.com. If the sender's email address ends with "@gmail.com" or some unusual domain name after @, this is a big red flag.
See the following example spam email I recently received:
As you can see in the screenshot above, if the email was from Saudi Post, the sender's email address should not have been from some unknown domain like "@nhs.net" instead of "@splonline. com.sa".
🚨 Cybercriminals hope that the recipient will forget to check the sender's email address.
Look for Deceptive Domains and Spellings.
Some cybercriminals do not use normal email addresses. They buy domain names that resemble the website of the legitimate business they want to impersonate. They usually add additional words or change some letters/words to the original domain name. Check out the table below to understand how fraudsters exploit domains names:
Now, even if email recipients are alert, they may fail to see the difference between [email protected] and [email protected]. Thus, it is important that you always review the sender's email address with extra caution.
Language of Immediate Actions is being Used.
Fraudsters attempt to provoke emotional responses such as anger, shock, sympathy, panic, curiosity, and so on. They are more likely to deceive their targets this way.
For example, they may send you emails on the following topics:
An incredible deal/discount on products.
Winning a high-value lottery.
Unauthorize access to your account.
In the event of disclosure of your confidential data.
A (fake) purchase from your account.
Email recipients might become emotional over a variety of subjects. Since hackers are aware of this, they will employ email subject lines that persuade recipients to act without carefully reading or researching the email, and will try to respond promptly.
Hackers like to create a sense of urgency. Scammers will occasionally impose deadlines to pressure users into acting fast and hurriedly. Hackers frequently impose a 24- or 48-hour limit. Such deadlines put the user under pressure to execute the advised quick steps in the email.
Unexpected Email Attachments.
Asking yourself, "Did I request this information?" is a solid rule of thumb when it comes to email attachments. In order to mislead you into downloading their harmful executables without your knowledge, fraudsters frequently send emails with phony attachments.
🚀 If an email is sent by a friend or relative from a valid email address, the sender should be contacted by phone first. Your friend's or relative's email account may have been hacked and they are unaware of it!
These attachments may take many different forms.
Invoice documents.
Payment Receipts.
Photos or other graphics files.
Pricing sheets documents.
Spreadsheets (Excel etc).
Malware that uses documents as its delivery medium is now rather widespread. This is due to the addition of scripting and macros that allow Word and PDF files to function as executables by Microsoft and Adobe.
Hi, I’m Wajid Khan. I am trying to explain computer stuff in a simple and engaging manner, so that even non-techies can easily understand, and delivered to your inbox weekly.
