Malicious emails and how to defend against them

Everyone has at least once received a suspicious email. While some are easy to spot, others not so much. Hackers use these spam emails to "phish" for victims. These legitimate-looking emails can catch even those who are internet savvy off guard and get their sensitive and crucial information.

How do scam emails look like?

You might get an unexpected email or text message that looks like it’s from a company you know or trust, like a bank or a credit card or utility company. Or maybe it’s from an online payment website or app. The message could be from a scammer, who might:

• say they’ve noticed some suspicious activity or log-in attempts — they haven’t
• claim there’s a problem with your account or your payment information — there isn’t
• say you need to confirm some personal or financial information — you don’t
• include an invoice you don’t recognize — it’s fake
• want you to click on a link to make a payment — but the link has malware
• say you’re eligible to register for a government refund — it’s a scam
• offer a coupon for free stuff — it’s not real

Most common email scams

1. The email comes from a generic domain (Gmail, Yahoo, etc.)

Generic email domains such as @gmail.com, @yahoo.com, @hotmail.com, and @outlook.com are cybercriminals' favourites for sending scam emails. 

These accounts are free to use, easy and quick to make and can be customized to look like they’re coming from a legitimate organization. 

 

Source

2.  Urgent security warnings (“Someone has access to your account!”)

Very common tactic hackers use is to manipulate victims emotions. By claiming that your account has already been hacked it can make the victim act on fear and try to quickly fix the non existent problem. Usually these emails look like they're coming from an account you trust and contain phrases such as “Unauthorized login attempt on your account,” or “We’ve detected some unusual activity.” The emails will also include a link that sends you to a site that prompts you to enter your login credentials in order to ensure your account is safe. 

 

Before you click on a link, check the “From” email address. Is it from the actual company? If not, it’s a scam. 

3. A ‘too good to be true’ promise

Scare tactics aren’t the only way that scammers prey on your emotions. If you receive an email claiming that you qualify for a reward or prize from a contest in which you didn’t participate, it’s likely a scam. 

For example, let’s say you receive an email claiming you won a new phone and all you need is to click the link.

Even if they use your full name or a common username, there’s a pretty low chance that it’s a lucky mistake. Instead, scammers are most likely trying to get you to enter your financial information or download malware on your devices. 

4. Missed package delivery scam email

• Has all the classic signs of a scam email.
• Urgency, element of surprise, strange links or QR code.
• Even the footer looks real. They even included privacy policy.
• The strange sender address clearly gives it away. 

 

Source

6. Redirects to unsecure domains (i.e., they’re missing HTTPS)

Fortunately, If you click on a link in a scam email, you’re not automatically in danger. 

Most scam email links will send you to a phishing website that asks you to enter sensitive information like your credit card number or account login and password. These sites can look surprisingly real. But there’s one element that almost always gives them away.

Financial institutions and companies handling sensitive information always have HTTPS in their URLs (not HTTP). Sites with HTTPS provide secure communication over a network.

 

What if You Opened a Scam Email?

Here’s the good news: Scammers can’t do much if all you do is open a scam email.  

However, you’re putting your personal and financial information at risk if you:

• Click on a phishing link.
• Download a malicious email attachment.
• Respond with sensitive information (like your bank login credentials or credit card details).

So, does this mean you’re completely safe if you only open scam emails (but don’t click on any links)? Not exactly. 

If your email provider is set to automatically load images, then hackers can actually learn a lot about you, including:

• Your location.
• The internet service provider or mobile carrier you use.
• The device you used to open the email (desktop, tablet, iPhone / Android).
• What operating system you’re using (iOS, Mac, Android, Microsoft Windows, Linux).
• The email client you’re using (Apple Mail, Outlook, Gmail, or Yahoo Mail). 
• Which web browser you’re using (Apple Safari, Google Chrome, or Firefox).

That’s a lot of information hackers can use for future, more sophisticated social engineering attacks. 

 

Clicking on a Link in a Scam Email

If you clicked a link or downloaded an attachment, don’t panic. Instead, follow these steps:

1. Disconnect from your Wi-Fi or mobile network.
   
2. Scan your device for malware or viruses. 
   
3. Change your passwords immediately.
4. Secure your accounts.

The biggest giveaway in scam emails is always the email address itself. If you're not sure if the email is legitimate contact the company, organization through other trusted legitimate sources: official websites, phone numbers, etc.

Related Reading: How to Avoid Phishing, Malware and other Cyberattacks: Internet Safety 101

How to Avoid Phishing, Malware and other Cyberattacks: Internet Safety 101

In an increasingly digital world, where our lives are intertwined with the internet, the risk of falling victim to cyberattacks is ever-present. Phishing, malware, and other cyber threats pose serious risks to our personal information, financial security, and overall online well-being. In this Internet Safety 101 guide, we'll explore key strategies to help you navigate the online landscape securely and avoid falling prey to cyber criminals.

Understanding the Threats:

Before we delve into preventative measures, it's crucial to understand the common types of cyber threats you may encounter:

• Phishing: Cybercriminals attempt to trick individuals into divulging sensitive information, such as usernames, passwords, or financial details, by posing as trustworthy entities.
• Malware: Malicious software designed to harm or exploit your computer system, steal information, or gain unauthorized access.
• Social Engineering: Manipulative tactics aimed at exploiting human psychology to deceive individuals into divulging confidential information.

Strengthen Your Passwords:

A strong password is your first line of defense against cyber threats. Follow these tips to create robust passwords:

• Use a combination of uppercase and lowercase letters, numbers, and special characters.
• Avoid easily guessable information, such as birthdays or names.
• Regularly update and change your passwords across various accounts.

Keep Software Updated:

Cyber attackers often exploit vulnerabilities in outdated software. Ensure your operating system, antivirus programs, and applications are regularly updated to patch potential security flaws.

Consider enabling automatic updates whenever possible to ensure timely protection against emerging threats. Additionally, be proactive in checking for updates from trusted sources and applying them promptly. Regularly updating your software not only enhances security but also improves overall system performance, providing a more robust and resilient digital environment. By staying vigilant and maintaining up-to-date software, you fortify your defenses against potential cyber threats and contribute to a safer online experience.

Be Wary of Suspicious Emails and Links:

Phishing attacks often occur through deceptive emails and links. Be cautious when:

• Opening emails from unknown senders.
• Clicking on links or downloading attachments from unfamiliar sources.
• Verifying the legitimacy of unexpected requests for sensitive information.

Install Reliable Security Software:

Invest in reputable antivirus and anti-malware software to provide an extra layer of protection against online threats. Regularly update and run scans to detect and remove potential threats. Regularly update and run scans to detect and remove potential threats. When choosing security software, opt for well-known and trusted brands with a proven track record in the industry. Consider features such as real-time scanning, firewall protection, and automatic updates to ensure comprehensive coverage. Remember that the effectiveness of your security measures depends on the quality of the software you install. By investing in reliable security tools and keeping them up to date, you significantly bolster your defenses against malware, phishing attempts, and other cyber threats, promoting a safer digital experience.

Enable Two-Factor Authentication (2FA):

Two-factor authentication adds an extra layer of security by requiring a secondary verification step, such as a code sent to your mobile device. Enable 2FA wherever possible to enhance your account security.

Additionally, consider using authenticator apps or physical security keys for 2FA, as these methods provide an added level of protection compared to SMS-based authentication. Authenticator apps generate time-sensitive codes directly on your device, reducing the risk of interception by potential attackers. Investing a few extra moments to set up and use these advanced 2FA methods significantly strengthens your defense against unauthorized access and protects your sensitive information from potential cyber threats.

Educate Yourself and Stay Informed:

Stay informed about the latest cybersecurity threats and best practices. Understanding the evolving landscape will empower you to make informed decisions and recognize potential risks.

Consider subscribing to newsletters from cybersecurity organizations or tech news outlets to receive timely information about emerging threats. Continuous education empowers you to make informed decisions, recognize potential risks, and adapt your security measures accordingly. By dedicating time to educate yourself on the dynamic landscape of cybersecurity, you position yourself to be more proactive in safeguarding your digital assets and personal information.

Secure Your Wi-Fi Network:

Ensuring the security of your Wi-Fi network is paramount in safeguarding against unauthorized access and potential cyber threats. Start by setting a strong, unique password for your Wi-Fi router, combining a mix of uppercase and lowercase letters, numbers, and special characters. Regularly update your router's firmware to benefit from the latest security enhancements provided by the manufacturer. Change default login credentials to thwart potential attackers who might exploit default settings. Consider using the latest encryption protocols, such as WPA3, to protect your network traffic. Monitoring connected devices and employing MAC address filtering can add an extra layer of control over who accesses your network. By implementing these measures, you not only prevent unauthorized access to your internet connection but also create a more secure digital environment for all your connected devices.

Related Reading: Malicious emails and how to defend against them

In conclusion, in this day and age, practising internet safety is paramount. By staying vigilant, adopting strong security practices, and being aware of potential threats, you can significantly reduce the risk of falling victim to phishing, malware, and other cyberattacks. Safeguarding your online presence is not only a personal responsibility but a crucial step in building a more secure and resilient digital community. Take control of your online safety today and navigate the digital world with confidence.