The Internet can be a dangerous place. An old saying goes, “nothing is certain but death and taxes;” it could be amended for the 21st century by adding something like “and the fact that someone is trying to steal your online data.” Whether they’re trying to sell it on the dark web, steal your identity, or for any other of a host of malevolent reasons, bad actors want your data and they are crafty about getting it. One of the oldest but still most prevalent tricks in the book is the phishing email, where they’ll send emails pretending to be from a legitimate source.
Most modern spam filters can catch these emails because of the massive database of signatures they have, but every once in a while, some emails make it through to your inbox. When this happens, it’s important that you know the warning signs so you don’t open it inadvertently, or do what it says if you do open it. These emails either try and get you to do something, such as logging into a fake website using credentials (think your online banking details), or to secretly install some sort of malware on your computer once you open the email or an attachment. The following are some easy to remember ways to identify a potentially malicious email to save yourself massive headaches.
First, malicious emails will usually have a suspicious “from” line. Some of them are quite good, using an almost legitimate domain name in order to trick you (think gooogle.com or maybe amazone.com). However, most of them may say they’re from your bank, but the ‘from’ line has some crazy collection of characters instead. Save yourself some trouble and just delete those emails completely.
Second, malicious emails are often replete with grammatical and spelling errors. This is because many of these threats originate from, or are outsourced to, people or organizations in other countries who may not speak English as a first language. If you’re noticing simple spelling errors or sentences that don’t make sense in that email that’s supposedly saying the IRS is hunting you down, it’s probably a fake. Make sure you don’t click any links or files attached to that email; just delete it and move on with your day.
Third, phishing emails will often have some sort of link in them, calling for you to follow it and input your login credentials, Social Security Number, or similar personal information. Sometimes these links will actually show the URL, which will further clue you in that it’s a bogus link because it’s from a strange source, but oftentimes they’ll just have generic text. These links can do a whole number of terrible things, whether it’s taking you to a website where some malware will be downloaded on your computer without your knowledge or taking you to a fake site where it will capture the data you input. These fake websites can often be surprisingly convincing in their accuracy to the actual site, and you might have no idea. In practice, if you get a concerning email asking for your login credentials or personal information, give the purported sender a call and see if they actually need it. Most companies say they will never ask for your login data, so that alone should throw up red flags.
These are some of the easiest ways to identify a malicious email. You may think they aren’t a threat, but by far the single largest cybersecurity threat in America, and one that has been responsible for numerous big-ticket data breaches, is the lowly phishing email. The best way to protect yourself is to be aware of the dangers posed by the Internet and to educate yourself even a little on how to beat the threats.