The majority of modern cyberattacks begin with some form of user manipulation, usually through phishing messages that trick recipients into acting against their own security. While these messages can arrive through any channel, the best-known is certainly email.
Let’s review a few warning signs that can help indicate that an email message is, in fact, a phishing scheme.
Pay close attention to who the email message is purportedly from. Does the address match any contact information available on the official business website, or is it misspelled or otherwise incorrect? If the latter is the case, this is a sign that the email is malicious in nature.
Be very careful about this, too. It is relatively easy for an attacker to create a new, fraudulent website whose domain closely resembles a real business’ domain but which the attacker fully controls. Let’s say you received a message appearing to come from a vendor called “ACME Supply.” If the business’ official email comes from “@acmesupply” but the message comes from “@acmebizsolutions,” it could very well be a scam attempt.
Of course, this vigilance should go beyond the address bar, too. Does the branding within the message itself match the address, or are there misspellings or other alterations? These kinds of differences should start raising red flags in your head.
On the topic of links and URLs, many professional email messages will link to other web content. This makes sense, as these emails are first and foremost a marketing tool designed to grab the recipients’ attention and direct them to more of your messaging. As a result, it isn’t odd to see links appearing in emails, which has given today’s cybercriminals an opportunity.
Long story short, some phishing emails will try to steal access credentials by tricking the recipient into logging into a fake site that mimics the real one. They’ll hide the link behind a promising call to action and wait for a bite, banking on the chance that their targets won’t think to double-check where the link goes before they click. You need to prove them wrong.
Similarly to checking that the address bar contains the right URL, you need to check that the link goes where it logically should by hovering your cursor over the linked text. The URL the link directs you to will appear in a small box. If the link itself doesn’t make sense in context, it is almost certainly best not to click.
For example, if “ACME Supply” sends you an email asking you to check out more information on some new business-centric products they have to offer, providing a link, it is always prudent to hover your cursor over it to check. A URL like “totallynotaphishingattack-dot-com-slash-I-promise,” where you expect “acmesupply-dot-com-slash-business-solutions,” is another red-flag-raiser.
Take a moment and consider the tone in which the email itself is written. If the language is designed to strong-arm or scare you in any way, pause. This is not how a professional conducts themselves. This is especially the case if they ask you to share access credentials or payment details, as you should never be asked to overlook basic security precautions.
When all is said and done, a large proportion of your security needs can be addressed with simple awareness and proactive reporting. We’re here to help you accomplish this, as well as handle the rest. To find out how Capital Technology Group can assist your business with its overall cybersecurity, give us a call at (501) 375-1111.