Introduction

Many of the emails we receive each day are spam. Some are dangerous and can cause significant harm, such as identity theft, access to online resources, or loss of money. Therefore, you must be diligent in handling emails and learn to recognize malicious ones. In this article, I will give you tips to help identify malicious emails.

The Subject

The subject line can give clues about the legitimacy of the email. Does the email subject look suspicious? Marketers and spammers construct subject lines to catch your attention so you would open the email. Sometimes, the subject line alone is enough to dismiss the email.

Understand that the subject line is constructed in many cases, so you are compelled to open the email. One trick I see often is to use “RE:” in the subject, which is meant to make you think someone is replying to your email. If you don’t recognize the sender (I’ll discuss it next), consider the message spam.

The Sender

Who sent the email? Determine who sent the email before doing anything with it. Be extra careful if you don’t recognize the sender.

Be careful when identifying the sender because spammers construct the email to make it look like it came from a reputable company. For example, just because the email says it comes from a specific company does not necessarily mean it did.

The Content

Consider the wording of the email’s content. I mentioned above that the content of the email might be constructed to deceive you of the sender. However, sometimes the wording alone may be a trick.

Many malicious emails are sent from foreigners who do not write English well. You might notice misspelled words, strangely constructed sentences, and common phrases are written incorrectly.

Urgency

The email should be considered suspicious if it presents a sense of urgency and seriousness. For example, it may claim you must pay a fine in three days, or the IRS will have you arrested. It would be best not to allow fear to compel you to fall for a spammer’s trick.

Never Click on Links in the Email

A general rule of thumb is never to click on links in an unsolicited email, even if it looks legitimate. Spammers will construct emails to look like they came from your bank, UPS, or another service you may use. You may even get emails that look like they come from a company you do not have a relationship with.

Spammers know that a small percentage of people will fall for the trick and click on the link to begin a process to steal money or get information (e.g., login credentials). It can be very compelling to click a link and follow the prompts.

Instead of clicking on links, go to the resource in question manually to investigate any claims in the email. For example, suppose you receive an email looking like it came from your bank, and it contains a link to sign in to respond to a dispute. Instead of clicking the link, open your browser, go to your bank’s website and sign in.

Look for the thing that was claimed in the email. You might even call your bank and inform them of the email. The point is to not click on a link and sign in. It is easy for spammers to construct a website that looks just like your bank’s website (or any other company). When you sign in to a forged website, you provide your information to the spammers, and they can, in turn, sign into your real bank account.

Conclusion

Be very suspicious of unsolicited emails. Don’t assume that the email comes from the sender it claims to come from. Be aware that spammers try to trick recipients into providing credentials or other information that can be used for malicious purposes.

Never call a phone number shown in an unsolicited email appearing to come from a reputable company, e.g., your bank. Instead, use the phone number recorded online for that company and tell them about the email.

Unfortunately, these days we must be diligent about determining if an email is legitimate or not. Be safe with your email.