3aIT Blog

As important as keeping your devices up to date with all the latest security updates is (and this really is important), the biggest weak point in any device's defences is almost always us, the users. Our HowTo this month lists some things to look for in emails that might indicate they're not what they appear to be.

Check the Email Address

This is usually the biggest giveaway. It's very simple to spoof someone's email address. You can put whatever "From" name and email into your email setup that you like, and those superficial things do appear at the recipient's end. However, what they can't hide is the actual address it was sent from. Sometimes it will be very obvious - a From address made up of some random string of text @gmail.com rather than the usual address of whoever they're purporting to be. It's worth noting though that in some cases, scammers will buy a domain that looks very similar to the expected one to try to fool people - e.g. replacing an l with a 1.

It's also worth noting here that even if the email address checks out, that is not a complete guarantee that the email has been sent by the person in question. It's possible someone's managed to gain access to their account and send scam emails that way.
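
The two address checks described above can be automated. The following is an added example, not part of the original post: it flags a display name that claims a known sender while the address sits at another domain, and a domain that only matches a known one after swaps such as 1 for l. The trusted domain, the list of character swaps and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Domains you genuinely expect mail from (assumed value for this example).
TRUSTED_DOMAINS = {"example.com"}

# Visually similar substitutions used in lookalike domains, e.g. "1" for "l".
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"))

def skeleton(domain):
    """Collapse lookalike characters so imitation domains compare equal."""
    domain = domain.lower()
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def check_sender(raw_message):
    """Return warnings about the From header of a raw email message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []  # address matches; this does not rule out a hijacked account
    warnings = []
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        if skeleton(domain) == skeleton(trusted):
            warnings.append(f"lookalike domain: {domain} imitates {trusted}")
        elif brand in display_name.lower().replace(" ", ""):
            # The display name is free text chosen by the sender.
            warnings.append(
                f"display name claims {brand} but address is at {domain}")
    return warnings

# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": 'From: "Example Accounts" <accounts@example.com>\n\nHi\n',
    "lookalike": 'From: "Example Accounts" <accounts@examp1e.com>\n\nHi\n',
    "name_spoof": 'From: "Example Accounts" <zq8k1v7@gmail.com>\n\nHi\n',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

An empty result only means these two checks passed; an email sent from a genuine but compromised account would pass them too.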

Look for spelling and grammar errors

This is another easy-to-spot indicator, especially in emails that are claiming to be from official organisations. While it's possible a single spelling error might creep into a genuine templated email from Amazon, Royal Mail and similar, it certainly won't be littered with them, which many of these scams are. For those that wonder why such an easy-to-fix thing appears in these scams, it has been speculated that it's deliberate. The logic being that if they hook someone that's fooled by something that's obviously fraudulent by design, they know they're already onto a winner in terms of being able to scam that person - the spelling errors act as a sort of "easy mark" filter for the scammers.

Beware of urgent requests

A lot of scam emails will use a time threat to get you to reduce your defences. These often appear as emails from your boss or accounts department or similar asking for quick action to spend some money on something and send it to them. This will sometimes be accompanied with a reason not to ring them to verify it - they've been called away on some urgent business or another. Basically, the idea here is to panic you into doing the wrong thing. If it passes all the other checks, it's worth trying to contact the person who "sent" it by some other means, even if they've suggested not to in the email - by phone, Teams, Slack etc. At the very least, maybe check with someone familiar with their schedule and see if the info checks out.

If in any doubt, do not click any links or download any attachments

This is a big one. In the case of attachments, always question why it's there, even if it's from a trusted sender. Are you expecting this? There are flaws in all software that can be exploited. Word, Adobe Reader, Windows, macOS and everything in between. Attachments sent by scammers will be targeting one or more of these flaws, and depending on the severity, it could completely compromise your system and in the worst cases, also spread across your network. Clicking on a dodgy link is unlikely to do this immediately (although it is possible in the worst cases). More often, these links will be to a page set up to try to extract confidential information from you - usernames, passwords or perhaps less sensitive info that could be used to construct a more effective scam at a later date.

Check the email's tone

This is a subtle one, but often the most effective check. Does this email read like it's been sent from the person it appears to be from? Ignore things like company signatures - they can be copied and pasted by a scammer in seconds. It's more the style of writing that you're looking at. Most people have an identifiable writing style that isn't "right" or "wrong", but would be very hard for a scammer to replicate unless they constructed a very targeted attack. So the question isn't just "Is this something this person would ask me to do", but "Is this how they would ask it". Does it follow your company process? Is it something they've ever mentioned before? Does their sentence structure look like it usually does? The more unusual the request, the higher the bar you should set for this one.

Verify the information

If you're in any doubt at all, get others involved. A lot of scams rely on a single person not wanting to "ask silly questions" and act on their own. Certainly from an IT Support perspective, we'd much rather check an email you're not sure about for you than have to deal with the fallout from some cryptolocking malware! The same goes for requests that are apparently internal to your company. Ask around - has anyone else had this? If not, why not? Talk to people around you if you're in the office or message them if you're out. If "looking silly" is what you're worried about, then this will be far worse if your company network gets attacked, you send funds to a scammer or you give your password away!