Most people use email on a daily basis, often from many different sources and for different purposes. Companies may implement filters to minimize junk email and spam, but we still should not trust all email at face value. Illegitimate email can often be identified by looking at a number of key areas. Here are some tips on what to look for:
1) Inspect the sender.
Do not inherently trust the display name presented to you in your inbox. A sender can easily spoof the name shown to you when sending the message, and in some cases can spoof even the domain name. Also check the spelling of all names. For example, pcrn.ca looks very similar to pcm.ca - the R and N together at first glance look just like an M.
2) Verify links before clicking on them.
If there are website links present in the body of the e-mail, hover your mouse over them and view where they lead. Inspect the destination carefully to see if it really does lead to where you expect it to. If it sounds odd, it probably is. Be extremely cautious if the displayed link is different from the destination. Do not click on any links, attachments or other items in the e-mail if you believe it to be suspicious.
3) Review signatures, salutations, etc.
If this e-mail was sent from someone within your organization, was it sent with their normal signature and/or greeting? If your company has a standardized signature tailored to each individual, does this message possess such a signature? Does the signature contain a phone number or other legitimate contact information (other than e-mail of course!) where you can reach the sender?
Additionally, is this e-mail addressed specifically to you, or to a vague "dear colleague" or "dear valued customer" or similar? Most e-mails will preface their intended message with, at minimum, your first or last name and title, as a greeting.
4) Be aware of e-mails that rely on a sense of urgency and confidentiality.
Many illegitimate e-mails will attempt to invoke a sense of fear, urgency, or confidentiality in you. If you receive an e-mail with urgent instructions that asks you not to tell anyone, keep your guard up. Furthermore, beware of attention-grabbing subject lines claiming that someone is in dire need of funds to be transferred, "your account has been suspended", "password has been successfully changed" or any other messages in the same vein that attempt to get you to act with immediate haste to remediate a false issue, and in your haste fall victim to their trap.
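The checks from tips 1 and 2 can also be automated on a mail gateway or in a triage script. The following is an added example, not part of the original article: the TRUSTED allow-list, the extra "vv" pair and the sample message are assumptions made up for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"pcm.ca"}  # assumption: domains you normally receive mail from
# Constructed sample message: sender, links and wording are all made up.
SAMPLE = '''From: "PCM Accounts" <billing@pcrn.ca>
Content-Type: text/html

<p>Log in at <a href="http://login.example.net/pcm">https://www.pcm.ca/login</a>
or read <a href="https://www.pcm.ca/help">our help page</a>.</p>
'''

def skeleton(domain):  # collapse letter pairs that read as one letter
    return domain.lower().replace("rn", "m").replace("vv", "w")
def lookalike_of(domain):  # trusted domain that `domain` imitates, or None
    return next((t for t in TRUSTED if domain.lower() not in TRUSTED
                 and skeleton(t) == skeleton(domain)), None)

def host(url):  # hostname of a URL with or without a scheme
    try:
        return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed address, e.g. an unbalanced "["
        return ""

class Links(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"  # stay open for nested tags

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    hit, body, links = lookalike_of(domain), msg.get_body(("html",)), Links()
    links.feed(body.get_content() if body else "")
    out = [f"sender {domain} imitates {hit}"] if hit else []
    shown = [(host(t.strip()), host(h.strip())) for h, t in links.found]
    return out + [f"link shows {s}, goes to {d}" for s, d in shown
                  if "." in s and " " not in s and s != d]
```

Link text that is not itself an address, such as "our help page", is not compared, so only a displayed address that differs from its destination is reported.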
What should you do?
If you have positively identified an e-mail as illegitimate, the best course of action is to simply delete and ignore it. If you believe that this message might have been sent to other members of your organization, a verbal warning as a reminder not to open it might be in order. But that's it. Do not respond, and most importantly do not give up any more personal information than they might already have, as this will only aid their attempts at tricking other users.
Always be skeptical of what you see in e-mails. Phishers are very convincing, and very good at what they do. Just because an e-mail has convincing branding, logos, language, and a seemingly valid e-mail address does not mean it is legitimate. For assistance with any suspicious emails, feel free to contact our experts today.