Unsolicited emails that prompt you to click on an attachment should always raise a red flag when you're checking your inbox. But classic email phishing scams still lure unsuspecting users into downloading malicious items and giving up their login information every day.
Below is a quick checklist of “red flags” that should give you pause with any email you receive:
- The sender isn’t someone I usually communicate with.
- The email is from someone outside my company and not related to my job duties.
- The sender is someone inside my company or a customer/vendor/partner, but the message is very strange and out of character.
- The sender’s email is from a suspicious domain (like micorsoft-support.com).
- I don’t know the sender and they’ve not been vouched for by someone I trust.
- I don’t have a business relationship nor any past communications with the sender.
- This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I haven’t communicated with recently.
- I was cc’d on an email sent to more than one person, but I don’t personally know the other recipients.
- I received an email that was also sent to an unusual mix of people. For instance, it might be sent to a random group of people at my company whose last names start with the same letter, or a whole list of unrelated addresses.
- Normally I would have received the email during regular business hours, but it was sent at an unusual time like 3am.
- The subject line is irrelevant or does not match the message content.
- The subject is a reply to something I never sent or requested.
- The sender is asking me to click on a link or open an attachment to avoid a negative consequence or to gain something of value.
- The email is out of the ordinary, or has bad grammar or spelling errors.
- The sender is asking me to click a link or open up an attachment that seems odd.
- The email doesn’t pass the “gut check” and doesn’t feel right.
- The email is asking me to look at a compromising or embarrassing picture of myself or someone I know.
- When I hover my mouse over a hyperlink that’s displayed in the email message, the link-to address is for a different website. (This is a big red flag.)
- I received an email that only has long hyperlinks with no further information, and the rest of the email is completely blank.
- I received an email with a hyperlink that is a misspelling of a known web site. For instance, www.bankofarnerica.com — the “m” is really two characters — “r” and “n.”
- The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. (This sender doesn’t ordinarily send me this type of attachment.)
- I see an attachment with a strange or possibly dangerous file type.
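
The two hyperlink checks above (displayed address differs from the real target, and a target that is a visual misspelling of a known site) can also be automated. The following is an added example, not part of the original checklist; `KNOWN_DOMAINS`, `LOOKALIKES`, the sample HTML and the "last two labels" shortcut for the registered domain are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the organisation really deals with (constructed list).
KNOWN_DOMAINS = {"bankofamerica.com", "microsoft.com"}
# Character runs that read as another letter at a glance ("rn" looks like "m").
LOOKALIKES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}
# Constructed sample message body with one deceptive and one ordinary link.
SAMPLE_HTML = ('<a href="http://www.bankofarnerica.com/login">www.bankofamerica.com</a> or '
               '<a href="https://www.microsoft.com/security">read more</a>')

def base_domain(text):
    # Naive registered domain (last two labels) of a URL-like string, else None.
    text = text.strip()
    if "." not in text or " " in text:
        return None
    host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    return ".".join(host.lower().split(".")[-2:]) or None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = base_domain(href), base_domain(text)
        if shown and target and shown != target:  # visible address is not the real target
            findings.append(("mismatch", text, href))
        normal = target or ""
        for fake, real in LOOKALIKES.items():
            normal = normal.replace(fake, real)
        if normal in KNOWN_DOMAINS and target not in KNOWN_DOMAINS:
            findings.append(("lookalike", target, normal))
    return findings
```

Link text that is not itself an address (such as "read more") is skipped by the mismatch check, so only links that display one site while pointing to another are reported.
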
Remember, NEVER reveal personal or financial information in an email, or respond to requests for it.
President/CEO, DE Web Works