Cybersecurity Handbook
Chapter 5

How to Recognize and Avoid Email Fraud

Do you know how to recognize a fraudulent email? Are you SURE??

You probably think that a good indicator is when the email lands in your spam box. Or maybe you’re not fooled when a rich heir from some faraway place asks for your help in exchange for an impressive sum that will be deposited in your bank account.

Some types of scams are very easy to spot. But sometimes, emails that don’t look suspicious can sneak into your inbox. That’s when the real challenge begins. 

Fortunately, there are many ways to recognize fraudulent emails and avoid the adverse effects.


What are the risks?

A fraudulent email can have many functions and relate to different attacks. The three main ones are:

  • phishing and scams: In these emails, someone is trying to get you to divulge personal information (identity details, passphrases, etc.).
  • Trojan emails: They encourage you to download malware hidden in links or attachments.
  • spam: This is unsolicited email often sent for commercial purposes.

If you want to know more about different types of scams, please consult the following link.

In each of the three attacks, the scammers will usually try to create a sense of urgency, danger, or enthusiasm (CONGRATULATIONS!!! You just won a free cruise!!!) so that their target fails to apply the “common sense” required in the situation. 

Here is some advice: Take a deep breath, take the time to analyze the email, and ABOVE ALL, consult the next section! Most likely you haven’t won a free cruise ...

Opening an email without any risk 

It’s generally safe to open an email to analyze its contents. The only precaution you must take is to NEVER click on a link or open an attachment. 

It’s perfectly fine to read the text of the email and analyze the sender’s address.

BUT IN CASE OF DOUBT (even if slight), NEVER CLICK ON ANYTHING. 

Verify the origin of the message

The first step is to verify the origin of the message. Do you know the sender’s address? Are their name and email address spelled correctly? For example, an email from “Aple” or “Amazone” is (very, very, VERY) likely to be fraudulent.

Analyze the email address

Next, look closely at the email address itself. Your email client can always show the full details of the sender, not just the display name. If the address doesn’t resemble service@apple.com, but rather damekjptxmpsprokop@hislult.com, it’s (highly) likely that it’s a fraudulent email.

Be careful: emails from addresses that look real can also be fraudulent. Some addresses change just one character to appear more credible. There have also been cases in which fraudulent emails were sent from a real address that had been hacked.

Don’t click. Don’t open the attachment

If you have any doubt about the email address or contents, you must first make sure NOT TO CLICK ON ANYTHING OR OPEN ANY ATTACHMENT. Once more: scammers will often try to create a sense of urgency so that you ignore all your knowledge and good practices. Any situation, even the most urgent one, can wait for a few minutes.

Validate through another communication channel

If the email address seems valid, do a Google search for the URL provided (without clicking on any link, for example if it’s asking you to change your password) in order to validate the legitimacy of the website. If it’s a known malicious website, it will likely be documented by experts.

Keep ALL personal information (access, passphrases, PIN, bank account number) to yourself, at all times. If the email in all likelihood comes from a person you know, take the time to contact this person through another communication channel to make sure that the message is legitimate. 

Go a step further and train your team!

Different tools are available to teach you how to recognize fraudulent emails properly. You can find them here. 

We also recommend this fun little game if you wish to learn without having to do a lot of reading while also reviewing certain notions related to passwords and coding (if you have the spirit of a programmer!).


Recap

  • Don’t open links or attachments in suspicious emails.
  • Verify the sender’s information.
  • If a suspicious message (email or text, etc.) comes from a legitimate sender, validate with the sender through another communication channel (and use the opportunity to ask them to avoid sending you such suspicious-looking messages).
  • Keep all your personal information private and far away from any email!
  • Get some training so you can better recognize spam.
