Recognizing Malicious Emails

Harrison
10.01.20 08:58 AM

How to Recognize and Avoid Malicious Emails

According to Britannica, 50% of email on the internet is spam. These emails range from selling Viagra knock-offs to trying to convince you to wire them money. Some of these emails are so obvious they need no introduction, but cyber-criminals are becoming more and more sophisticated. In this blog we're going to help you recognize a malicious email, respond appropriately, and recover if you've fallen for one. The last section covers how to prevent these things from happening in the first place.

Key Takeaways

  • STOP! If you think an email seems a little off, stop and investigate.
  • Check links, check the "From", and look for grammar mistakes and misspelled words.
  • Look out for urgency and manipulation. That is, someone wants something fast, or they have something you need.

Types, Detecting, and Responding

Business Email Compromise (BEC)

When someone takes over a legitimate email account and uses it to send malicious emails, that's called Business Email Compromise. These emails are the hardest to stop and detect because they appear to be from someone you know and trust, and in fact they are sent from that person's real account. An account gets taken over when someone obtains its login information, signs in, and uses it for their own purposes.

Detecting BEC Emails

When you receive an email from a compromised account, it usually has a couple of clear telltale signs that it's a fake. Here's how to spot them:

  • There's almost always a link
  • The link almost always takes you to a page requesting login information
  • It seems off and non-typical
  • You didn't request it
  • Check for bad grammar and spelling errors. Many of these people use a translator app and English isn't their first language

Responding to BEC Emails

If you've gotten a BEC email, or one that you suspect is a BEC email, what should you do?

  1. Verify that it's not legitimate
    1. If you get an email from someone that just seems off, use out-of-band communication to contact them. Do NOT email them back and ask "Is this real?" or use the phone number in the signature. If their email is compromised, then of course they will say "Of course it's legit," and the signature phone numbers are usually changed as well.
      1. Call the phone number of the person if you have one on file, or call their company's main number
      2. Text them, fax them, or email someone else at their office. Use something other than that email address to contact the person. This is what we mean by "out-of-band" communication. 
    2. Examine the links in the email. If it says it goes to a Word document, does the link go to OneDrive or SharePoint? Even if it does, that doesn't mean you should go there, but it's a good way to tell if it's spam.
      1. Here's a great site to see where a link actually goes: https://wheregoes.com/ 
  2. Find out who else in your company has also received the email and warn them, especially if it's really convincing. Warn your colleagues or contact your IT department about the scam. It takes just one person to give your company a really bad name.
  3. Delete the email. Or if you're feeling like you want to have some fun, email the person back and see how long they'll talk with you. Maybe you can get them to wire you some money :-)

General Spam: Solicitations and Trickery

Sometimes the email isn't from someone you know, but they try to convince you to click a link, wire money, or the like anyway. Let's look at some types of these scams, why they happen, and how to respond. These are a different category because they usually don't come from legitimate accounts, although they are made to appear legitimate.

Types

Faking the "From"

A common trick is to change the "From" name of an email. If your boss's name is Jane Smith and her email is jane@company.com, a spammer can set their display name to "Jane Smith" even though their address is jane@anotheremail.com. This trick usually works because most people don't look at the whole email address. Here are the telltale signs:

  • Check the actual email address
  • Eventually they will ask you to send gift cards or make some other strange financial request (think wiring money)

Blackmail and Heart Strings

There's really no limit to the ways scammers will try to blackmail you. My neighbor was scammed by a company to which she was trying to return something she'd purchased; they said they had to get onto her computer and check her bank accounts to verify the purchase... well... that wasn't all they were doing. Here are some common ones:

  • I'm a destitute person in [name of third-world country] and I need help
  • I have your email and password and I have sensitive information about you I'm going to publish if you don't pay me
  • I have naughty pictures of you and I'll release them if you don't pay me (sometimes this one comes along with the one above)
  • We could run away together, I just need some money to come visit

Too Good to be True

This may come as a shock, but you probably aren't lucky enough to have won the lottery, or that car, or whatever else they're offering. Don't fall for it and don't click the links!

Detecting

Besides the signs mentioned above, there are usually plenty of other signs to look for in scammers' emails:

  • Poor use of the English language. English is usually not the scammer's native tongue, so an easy way to spot a scam is by how well they handle the language:
    • Bad grammar
    • Bad spelling
    • Weird phrasing
  • Check for links. It's a good idea to check any link before you click on it. Does it actually go where it should? When it asks you to log in to Microsoft, are you actually on a Microsoft web page?

Recovering From Spam After You've Fallen for It

Sometimes we all make mistakes, and sometimes we realize the mistake right after we make it. If you've fallen for a BEC scam, here's what to do:

If you just replied to the email

  • You don't really need to do anything. You just sent them a message and engaged with them. Just delete their future emails to you.

If you gave them your email and password

  • Reset your password immediately
  • Reset any other accounts that use that same password
  • Make sure your account isn't forwarding emails to an unknown email address. This is a common tactic once an account has been compromised: it lets them keep mapping out your organization long after you've changed your password
  • Make sure you don't have an auto-reply you don't recognize

If you've downloaded a program and run it

  • Disconnect your computer from any network connections (WiFi and/or Ethernet)
  • Reset your computer and start over, or roll back your computer to a backup taken before you ran the program
  • If you downloaded a file but didn't open it, delete the program/file and run a virus scan. You may still need to reset your computer, but you may also be fine.

If you did a remote session and they were on your computer

If you made it this far with someone, they're probably after your money, and it's a simple scam to that extent. I would do the same thing as for a program you've downloaded and run.

An ounce of prevention is worth a pound of recovery

So, what if we just made some changes that stopped spammers in their tracks and made it much more difficult to fall for these things in the first place? Here are some ideas that will reduce the impact if you do fall for spam, and hopefully make you less likely to receive it.

  • Use Multi-Factor Authentication for your email account
  • Disable Auto-Forwarding in your email account (You have to be an admin to do this, but it's a really good idea)
  • Deploy an advanced anti-virus on your computer. This advanced anti-virus should be doing active scanning of any downloads
  • Deploy a password manager for you and your team
  • Create alerts for emails that are "Faking the From" so people in your company can more easily recognize them
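The last bullet's alert for "Faking the From" is just the check from the "Faking the From" section earlier turned into code: compare the display name on the From header against your own directory, and raise an alert when a colleague's name arrives from an address that is not theirs, especially from outside the company. The following is an added example, not code from the original post; the directory, the company domain and the two sample messages are constructed for illustration.

```python
"""Alert on "Faking the From": a colleague's display name on an outside address.

Added example, not code from the original post. Given a small directory of
known colleagues (display name -> their real address) and the company's own
mail domains, it parses the From header of a raw message and raises an ALERT
when the display name belongs to a colleague but the actual address is
external. The directory, domains and sample messages are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of people whose names a scammer might borrow.
DIRECTORY = {
    "jane smith": "jane@company.com",
    "bob jones": "bob@company.com",
}
COMPANY_DOMAINS = {"company.com"}


def normalize_name(name):
    """Lowercase and collapse whitespace so 'Jane  SMITH' matches 'jane smith'."""
    return " ".join(name.split()).lower()


def check_from(raw_message):
    """Classify the From header of one raw message as ok, review or ALERT."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    expected = DIRECTORY.get(normalize_name(display_name))
    if expected is None:
        return "ok", "display name is not a known colleague"
    if address == expected:
        return "ok", "address matches the directory"
    if domain in COMPANY_DOMAINS:
        # Same company, different mailbox: unusual, but not the external trick.
        return "review", f"{display_name!r} sent from {address}, directory has {expected}"
    return "ALERT", f"{display_name!r} sent from external address {address}, directory has {expected}"


# Constructed sample messages: one spoofed, one genuine.
SPOOFED = """From: Jane Smith <jane@anotheremail.com>
To: staff@company.com
Subject: Quick favor

Are you at your desk? I need you to pick up some gift cards for a client.
"""

LEGITIMATE = """From: Jane Smith <jane@company.com>
To: staff@company.com
Subject: Budget review

The numbers for Friday are in the shared folder.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        verdict, detail = check_from(raw)
        print(f"{label:11} {verdict:7} {detail}")
```

In practice the directory would come from your address book or identity provider rather than a hard-coded dictionary, and the "review" result covers the case where a known name shows up on a different internal mailbox, which is worth a look but is not the external-address trick the section describes.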