Identifying Suspicious Emails

David Ford


In 2020, cyber-crime was at an all-time high. As COVID-19 took hold of the world, businesses undertook 10 years' worth of digital transformation within months in order to survive. As great as this has been for many organisations, being a lifeline to them during such a difficult time, it has come with a huge increase in cyber-crime.

Are you fully aware of the dangers lurking in the Modern Digital World?

The most frequent attack we see in the industry comes in the form of an email attachment, sent from what appears to be the email address and domain of a person or business that you may know. This is called an Email Phishing Attack. The attackers pose as someone or a business that you trust, sending you an email with an attachment named, for example, “invoice”, or a link of the same description which, once clicked, will download credential-stealing malware and other threats. A staggering two-thirds of successful cyber-attacks in 2020 started with this method, so it is imperative that you understand how to identify and safely deal with a phishing email.

What to look out for?

Always be vigilant when you receive an email from a contact, especially when you were not expecting any communication from them. These emails can imitate a supplier's, a customer's or even a colleague's email address in order to trick you into opening the attachment. The number one rule is “If in doubt, delete the email and contact the sender or your IT team”. There are also a few ways to identify a malicious email, which we have listed below.

• Were you expecting an email from the sender? – It is in our nature to be curious, but we cannot afford to be curious with email security. If you were not expecting any communication, delete the email from your inbox and contact the sender to confirm whether it is legitimate or a Phishing Email.

• Are they typing in the usual manner? – If you receive a Phishing Email, the likelihood is that you have had some prior dealings with the person whose email address it appears to come from, and you would be used to how they speak to you. If you receive an email from a colleague, it will more than likely be a friendly, more personal email such as the examples below:

Whereas a Phishing email could look similar to the following:

• Is the domain name misspelt? – Some emails may look as though they are from a genuine sender, but the domain name may be misspelt ([email protected] is the legit email address – Ja[email protected] is a phishing email). This is another tell-tale sign of a cyber-criminal imitating a real organisation in order to infiltrate your network.

• Does the message give a sense of urgency? – The message in the body of the email could be perceived as needing urgent attention and action, but this is only to encourage you to open the attachment without thinking about the above points.

If you have thought over the points above and are still unsure whether an email is legitimate, refer back to the number one rule of email security… IF IN DOUBT, DELETE THE EMAIL AND CONTACT THE SENDER.