Invoice documents<\/li><\/ul>\n\n\n\nIf you receive an email with a .zip, .exe, .scr, or other unfamiliar extension, flag the file to be virus-and-malware scanned before clicking on it to open. Others still appear as simple spreadsheets, Word, or PDF documents.<\/p>\n\n\n\n
Since Microsoft and Adobe added the ability for Word documents and PDFs to work like executables via scripting and macros, document-based malware sent over emails have become increasingly common. Unfortunately, once downloaded, some of these malwares have the ability to spread to other documents in the system. Should this happen, other legitimate documents sent from the same workstation can spread the virus further within the network, to clients, and other business associates. If sent externally, it has the potential of getting your domain blacklisted on for sending emails with malicious content.<\/p>\n\n\n\n
Re<\/strong>: February Invoice #09808\n\nAttachment<\/strong>: Internet bill - invoice09808.doc\n\nAttached is invoice for Feb. Please make payment before 12 February 2018 to avoid disconnection.\n\nThanks <\/pre>\n\n\n\n<\/p>\n\n\n\n
If in doubt about whether an email or attachment is legitimate, contact the sender directly \u2013 preferably on phone using contact sources you trust such as the company\u2019s website or one you already had stored before. Never use the contact information that\u2019s listed in an email that is questionable!<\/u><\/strong><\/p>\n\n\n\n<\/span>vi. An Unusual Tone or Greeting<\/strong><\/span><\/h3>\n\n\n\nThe first thing that should arouse your suspicion when reading a phishing email is if the language seems odd, unusual, or unfamiliar. For instance, a colleague is suddenly over-familiar or a little more formal than they ordinarily are.<\/p>\n\n\n\n
For example, if I were to receive an email from MailSafi\u2019s CTO that began with \u201cDear Joy<\/em>,\u201d that would immediately raise a red flag. In all of our communication, he has never begun an email with that greeting so it would feel unusual. If a message appears strange, it\u2019s worth scrutinizing it in more detail for other signs that it may be a phishing scam email.<\/p>\n\n\n\n<\/span>vii. Unusual Request<\/strong><\/span><\/h3>\n\n\n\nIf an email asks you to do something that is out of the norm, then that too is a red flag. For instance, if an email claims to be from the ICT department and asks you to install a certain program or contains a link for you to click in order to upgrade or patch your system, yet ordinarily, this type of activity is managed by the ICT department, that should be a big indicator that you are most likely reading a phishing email and you should not to follow the instructions.<\/p>\n\n\n\n
<\/span>viii. Pushy or Suspicious Language<\/strong><\/span><\/h3>\n\n\n\nThere are many subjects that elicit emotional responses from email recipients. Hackers know this and will use email subjects that will spur you to take action you ordinarily wouldn\u2019t, without stopping to inspect or investigate the emails properly. Scammers will try to trigger emotional responses like anger, shock, empathy, panic, curiosity, etc. Here are some example subject lines of such emails:<\/p>\n\n\n\n
- COVID-19 fundraising campaign for Slum Dwellers<\/li>
- An unbelievable deal!<\/li>
- You won!<\/li>
- Sales job vacancy<\/li>
- Unauthorized access to your account<\/li>
- Your purchase on Amazon is complete<\/li><\/ul>\n\n\n\n
<\/span>ix. You Did Not Initiate the Conversation<\/strong><\/span><\/h3>\n\n\n\nBecause scam emails are unsolicited, an often used tactic is to inform you that you have won a prize, will qualify for a prize if you reply to the email, or you will get a discount or discount code by clicking on a link or opening a certain attachment.<\/p>\n\n\n\n
In cases where you did not initiate the conversation, e.g., by opting in to receive marketing material or newsletters, etc., there is a high likelihood that the email is malicious.<\/p>\n\n\n\n
<\/span>x. Uncommon Uses of the Email Bcc Field<\/strong><\/span><\/h3>\n\n\n\nIn some emails, you will see your email address listed in the Bcc field instead of the recipient field. While there\u2019s technically nothing wrong with this, it is uncommon for organizations to use the Bcc field when communicating with customers. No genuine company will send a blind carbon copy email asking you to verify your account information or to requesting you to download transaction receipts. They will reach out to you directly.<\/p>\n\n\n\n
So, if you see your email address in the Bcc field instead of in front of \u201cTo:<\/strong>\u201d or \u201cSend To:<\/strong>\u201d it\u2019s a good indicator that the email is a fake.<\/p>\n\n\n\nLet\u2019s consider the example phishing email in the screenshot below. Check out how the sender lists my email address in the Bcc column instead of the recipient (To:<\/strong>) field. Also, see how smart the sender is by including \u201c@amazon.com\u201d as part of the sender\u2019s display email address to deceive the recipient.<\/p>\n\n\n\n Re: Amazon Billing Info #278797 \u2013 Action Required \u2013 Waiting verification\n From<\/strong>: billing-alert@amazon.com <mammoth@gmail.com>\n To<\/strong>: billing-alert@amazon.com \n Bcc<\/strong>: jill@asdesk.com\n \nAccount ID: #9089A879<\/strong>\n\nThis is a system generated email. Please do not reply, thanks.\n\nClick to view your statement.pdf<\/span><\/pre>\n\n\n\n<\/p>\n\n\n\n