Four Simple Ways to Spot Malicious Emails

Scammers and hackers have been stepping up their game when it comes to sending malicious emails. They’re making convincing emails that look just like real messages from your bank, your boss, or even your favorite online store. They’re spoofing real email addresses, personalizing messages with stolen info, and slipping right on past spam filters.

Here are our top tips for spotting malicious emails:

1. Check the Sender’s Email Address and Domain

Take a closer look at the sender’s email address, especially the domain. Scammers will often use domains that look legitimate at first glance, but are slightly off in minor ways. 

Here are some examples of how a scammer might “spoof” our email address: [email protected].

• Substituted Characters: [email protected] 

• Misspelling, Missing Characters, or Extra Characters: [email protected]

• Public Email Domain: [email protected]

• Different Domain Extension: [email protected]

2. Scrutinize Links and Attachments

With the awareness that scammers are increasingly crafty, be suspicious of links and attachments. Opening an email is rarely dangerous, but clicking on something is where things get sketchy. Many of these links will open a legitimate looking form or login page. This is how malicious actors collect your sensitive information like account numbers or login credentials. 

Before clicking, hover over links and attachments to see if the URL matches the expected destination. When in doubt, avoid clicking altogether. 

3. Analyze Spelling, Grammar, and Tone

During the early days of email, it was pretty easy to spot something malicious if it had misspellings, typos, or poor grammar. Many scammers are from non-English-speaking countries so they use spell check or translation software to craft their messages.

But AI is making it easier to craft convincing emails. If an email from a supposedly professional organization contains glaring errors, that could be a red flag but it’s not always fool-proof.

Be on the lookout for subtle hints that something isn’t quite right. These emails often use awkward phrasing that doesn’t match the sender’s usual tone or communication style. So ask yourself the following questions: 

• Does this email sound like it actually came from the person it claims to be from?

• Is the language unusually formal or robotic?

• Is the greeting impersonal or generic?

4. Beware of Urgent or Unusual Requests

A final red flag to look for is a sense of urgency. Malicious emails often contain urgent requests and demands designed to pressure you into acting quickly without thinking. Scammers are hoping to make you panic and abandon your usual caution. Whether it’s a fake invoice that needs an immediate payment, a request to update login credentials, or a supposed security alert requiring swift action. 

These emails might also pressure you to bypass normal procedures, such as skipping approvals or keeping the request confidential. Remember: Legitimate organizations and individuals won’t threaten you into taking immediate action, even if a request is urgent.

What do you do if you receive a suspicious email?

If an email seems sketchy, here’s what you can do next:

• Forward the email to your IT team, security team, or trusted IT partner and let the experts make the call.

• Verify the sender and the contents of the message through a separate, trusted contact method — ideally, call the sender on the phone or talk to them in person.

• If the message is from a financial institution or software provider like PayPal, Microsoft, or Google, go directly to their official website and log in there to see if the alert was legitimate.  

At Grand Consulting, our clients often forward suspicious emails to us. We help them determine their legitimacy then adjust their security settings, if necessary.

If you’re looking for expert guidance to strengthen your email security and train your team to recognize malicious emails attempts, contact us.