Email hacking takes place throughout the world every day. You may be familiar with the email attack that occurred in 2016 during the presidential election. John Podesta suffered a phishing attack which led to the release of a decade’s worth of emails. The hacker posed as Google and alerted Podesta to change his password because of suspicious activity on his account. By clicking on the link within the email, hackers were granted full access to his inbox.
Situations like this happen more often than you may think. People are tricked into giving hackers information because they are not aware of the warning signs to look out for. Here is a list of 7 red flags to be aware of in an email that will help you identify potential threats.
1. “From” Line
The first thing to pay attention to is the address you are receiving an email from. Pay close attention to the sender because the person may appear to be someone you know but in reality, it could be a spoof. Hackers understand that people are more likely to trust an email from someone they can recognize, which is why they make the email address appear to be from an existing contact.
Real Email: firstname.lastname@example.org
Spoofed Email: email@example.com
Notice that an “l” is missing from “wellsfargo” in the spoofed email, therefore it appears legitimate but the domain is not accurate.
2. “To” Line
Sometimes the hacker will send an email to multiple people. If you do not personally know the other people in the “to” line or you are being cc’d on a strange email, do not trust it. This is the second aspect of an email to pay attention to in order to detect email fraud and prevent email hacking.
Always be cautious of clicking on embedded links within an email unless you are sure it is from a trusted source. Before you click on a link, you can hover over it with your mouse to see the destination URL before you click on it. If the URL is different from where the text says, you should not click on the hyperlink.
Consider the time you receive an email and compare it with the normal time you receive similar emails. Do you generally get a notification from the CEO of your company at 2 a.m. ? If not, this can indicate a potentially spoofed email.
If the subject line seems fishy, such as “Need wire transfer now” or “Change password immediately”, validate the source before you take any action. The subject may also be irrelevant or not on topic with the rest of the email.
Never open attachments that you are not expecting. If a sender doesn't normally send you attachments, this is a sign that it could be a fraudulent email. In addition, if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls you should not download or open it.
The sender may be urging you to update your information or change your password in order to avoid a consequence, which instills fear and prompts action. This is another method to look out for as hackers use this to trick you. In addition, if the grammar or spelling are incorrect and the email seems out of the ordinary, confirm the legitimacy before you open links or download files.
These are 7 red flags to look out for when examining an email. Never click on links, download files, or transfer money unless you are sure the email is legitimate. We recommend a two-step verification process to establish validity. For example, if you receive an email from your CEO requesting a wire transfer, we recommend you also confirm via phone or in person. This two-step verification process validates the sender through multiple mediums.
It is important for all businesses to take email hacking seriously. Hackers attack corporations and individuals, so understanding social engineering methods in addition to having proper spam filters and firewalls installed is crucial for the security of your business. For more information or if you have any questions regarding training and security, reach out to us here or give us a call at (888) 640-9955.