Email is such an important part of business these days. Few, if any, organisations can get by without it. It’s a quick, convenient, and essential way to communicate but there are some downsides. One of the most significant issues with email is the potential for misuse. Spam email, phishing attacks, and other malicious messages mean that it’s important to use email with common sense and a bit of caution. Learning how to spot spam emails—and using software products that help you find and dispose of email threats—is important for every employee who uses email in their work.
How to Spot Spam Emails
Email spammers, phishers, and others are increasingly sophisticated when it comes to creating and sending malicious emails. Even so, there are almost always one or more warning signs when an email is more than it seems to be. There are plenty of tell-tale indications that can pop up in spam emails.
It might seem difficult to remember and look out for all of these issues at first. But with practice it becomes second-nature to quickly scan each email for potential problems. Using software products like Microsoft Office 365 Advanced Threat Protection is also a good option to ensure that your organisation is protected.
Here’s what to look out for.
Email sender
- The sender is someone you don’t know, and nobody else in the organisation has heard of them.
- The sender is someone from outside the organisation, and isn’t someone you’d ordinarily contact in the course of your work.
- The sender has a common-looking email address—but on closer inspection it’s misspelled. This is a good confirmation in cases where there are other suspicious elements.
- The sender is from an organisation you work with, but they’re not someone you have a business relationship with or have been introduced to.
- The sender is someone you haven’t dealt with in a while, and their email is either unexpected or unusual, and contains an attachment or hyperlink.
Email recipients
- You’re CC’d into an email, and you don’t know any of the other recipients.
- You’re CC’d into an email, and the other recipients don’t make sense. For instance, the email comes from someone outside the organisation and was sent to everyone in your department.
Email date and subject line
- The email was sent at an odd time/date. For instance, at 2am on a Saturday morning.
- The subject line doesn’t fit with the content of the email.
- The subject line is vague, gibberish, or irrelevant.
- The email claims to be a reply to a message you didn’t send.
Hyperlinks and Attachments
- A hyperlink in the email goes to a location that’s different from what it appears to be. Avoid this by always hovering over an email link before clicking.
- The email is blank except for one long hyperlink.
- The email contains one or more hyperlinks that are misspelled versions of a familiar website.
- The email contains an attachment that isn’t mentioned in the email, that is irrelevant to the content of the email, or that you weren’t expecting.
- The email attachment is a potentially dangerous file type, such as an .exe file. Generally it’s only safe to click on .txt files from within an email.
Email Content
- The email asks for personal information of any kind.
- The email asks you to open an attachment or click a hyperlink, either to win or gain something, or to avoid negative consequences.
- The email has obvious spelling or grammatical errors.
- The email asks you to open an attachment or click a hyperlink that is irrelevant or unusual.
- The sender claims to have embarrassing or compromising pictures or video clips of you.
- You have a gut feeling that there’s something wrong with the email.
Don’t ignore those gut feelings! A gut feeling is a warning that you’ve noticed something wrong—you just don’t consciously realise what you’ve noticed. If you feel uncomfortable about an email you receive, take the time to check if there’s anything unusual about it.
Tips to Reduce Spam Email
Spam email is so common these days that it’s difficult, if not impossible, to eliminate it entirely. But it’s possible to reduce the amount of incoming spam.
- Strengthen your email filters so that the spam never reaches your inbox. But make sure you don’t set them so high that you inadvertently block email that you should receiving.
- Purchase domain privacy for your organisation’s website. This masks your website information in the WHOIS database.
- Don’t use a work email address for any personal email.
- Never respond to spam email. Even when spam email isn’t malicious, it’s still better to avoid responding. It just encourages them to send more spam.
- Block spam email senders.
Consider Industry-Leading Protection for Your Organisation
Spotting and dealing with spam can take up valuable time. Multiplied over your entire workforce, it can mean a significant amount of lost productivity. Having software like Microsoft Office 365 Advanced Threat Protection in your arsenal can make the process much easier, and almost fail-proof.