Malicious emails are on rise and a single email could cost you so much. Many online survey says that 90% of successful online compromise happens through emails. Hence we should be extra careful in opening an email which we didn’t expect or look suspicious.
Here is a screenshot of one of the spam, which is posing an email from Biggest Indian Government Bank ‘SBI’, They generally use sbi.co.in for email sending.
These are few best practices for suspicious email.
- Check for From/Sender Email address and Domain of the email.
- In above example domain is @digi.mailscart.com but SBI do not have this domain registered with them.
- Don’t forget about ASCII and Unicode Characters because these two letters unicode (á) and ASCII (a) aren’t same and these days domain regstratss are allowing registration of unicode character and spammers are creating look-alike domains to trick users.
- e.g. apple.com and ápple.com aren’t same.
- Always be suspicious if email body or subject says ‘urgent‘, ‘wire transfer‘ ‘help‘ words.
- Turn off automatic images download on all types of mail client.
- Many bulk email senders and spammers are using ‘tracking pixel’ in an email, which are very small in size but those can report back that email has been delivered and sender will know that they sent an email to correct email address.
- If possible do not reply/open such suspicious emails on mobile, because it is easy to miss very small clues on mobile.
- Look for Typos in email, Financial institution and well reputation organizations are very careful on customer emails and it is hard that they will make typos in email.
- Be careful about the hyperlink in an email.
- Don’t fall pray to unsubscribe urls in an email.
What to do if i see that email is malicious.
- Copy the url without clicking on it and check url reputation on these two website, These aren’t full proof but someone else may have reported if urls are malicious.
- If sender domain in my example was @sbi.co.in then also i wouldn’t have relied on it. Email technology allow spoofing of sender address and anyone can easily spoof sender domain. Hence you would have to check on other parameters as we discussed above to determine legitimacy of an email.
- Check Email Header to determine origin (public ip) of an email.
- Different provider, email client shows header differently.
- Here is the article from Gmail to look for headers https://support.google.com/mail/answer/29436?hl=en
Thank you for reading. I will publish another article with more best practices.