Cyber Security Awareness Month – Suspicious Emails


As you may know, October is Cyber Security Awareness Month. Being an IT Security Professional, I wanted to use this month to share a series of posts with tips and tricks on how to better protect yourself and your organizations. Each week, I will provide a specific theme in my posts and videos.

Week One, the focus will be on Employee Awareness. I chose this as I believe employees are not only the first line of defense but can often be both the weakest link and the most valuable tool to protect the organization. Understanding what is out there and how threat actors are trying to gain access is fundamental in defending the front lines.

Dissecting Emails

The first thing I do when examining an email is work my way up from the bottom. In reviewing emails, I ask myself if there is a signature line. Since I do a lot of business-to-business transactions, it is common to see an organization's signature line in the body of the email.

In this example that I pulled from my SPAM folder, you can see that there is no signature line. This is my first red flag that this email may not be legitimate; strike one. From there I shift my focus up to the email address.

[Image: SPAM E-mail Example]

In this case, the email address was from someone I clearly did not know, but upon further inspection, I noticed that the domain had an extension of .hn. At first I thought this domain may have come from Hong Kong, but I later remembered that the extension is .hk. In doing a quick Google search, I found that .hn is a top-level domain from Honduras; strike two.

At the top of the email is the subject line and perhaps the biggest giveaway (aside from the huge red banner from Google) that this email has fraudulent tendencies. Typically an email will have “Re:” in the subject line when you have previously corresponded on that message. I know that I had not, so... strike three.

What is more curious is that the email spells the word “Inquiry” with the British English version “Enquiry”, but this email was supposedly from Honduras, which is primarily Spanish speaking with some pockets speaking Creole English. That’s not to say that there are not any British in the region, but it just solidifies the suspicion.
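The three strikes above can be checked mechanically. The following is an added example, not code from this blog: the sample message is constructed, and the expected-TLD list, the signature hints and the `sent_ids` set (Message-IDs of mail you actually sent) are assumptions you would tune to your own mailbox.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (not the email shown in the post).
SAMPLE = """\
From: Sales Desk <sales@example.hn>
To: me@example.com
Subject: Re: Enquiry
Message-ID: <constructed-1@example.hn>

Kindly see the attached order and reply with your best price.
"""

EXPECTED_TLDS = {"com", "org", "net"}  # assumption: TLDs your usual contacts use
SIGNATURE_HINTS = ("regards", "sincerely", "tel:", "phone:", "www.")  # assumption

def strikes(raw, sent_ids=frozenset(), expected_tlds=EXPECTED_TLDS):
    """Return the red flags from the post that apply to a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []

    # Strike one: work up from the bottom and look for a signature block.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    tail = " ".join(text.strip().splitlines()[-5:]).lower()
    if not any(hint in tail for hint in SIGNATURE_HINTS):
        found.append("no signature block")

    # Strike two: sender domain under a TLD you do not normally deal with.
    addr = parseaddr(str(msg.get("From", "")))[1]
    tld = addr.rpartition(".")[2].lower() if "@" in addr else ""
    if tld not in expected_tlds:
        found.append(f"unexpected sender TLD .{tld}")

    # Strike three: "Re:" subject that does not reference anything you sent.
    subject = str(msg.get("Subject", ""))
    refs = (str(msg.get("In-Reply-To", "")) + " " + str(msg.get("References", ""))).split()
    if subject.lower().startswith("re:") and not set(refs) & set(sent_ids):
        found.append("'Re:' subject with no matching sent message")
    return found

if __name__ == "__main__":
    for flag in strikes(SAMPLE):
        print("strike:", flag)
```

These are triage hints only: a sender can forge a signature block or thread headers, so a clean result does not prove the message is legitimate.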

Taking Action on Suspicious Emails

Now, I don’t want to get ahead of my future posts on technical controls, as I want to dedicate an entire week to various technologies and tools that can help improve overall security, but as an employee there are a few practical steps you can take when faced with a similar threat.

First, if the email is from an address that you do recognize but the contents of the email and the body are suspicious, I would recommend calling your contact at a last known good phone number (not the one in that suspicious email) and asking them directly if they sent you that email. There is a good chance that they did not know that their email was compromised.

Many organizations have a specialized team that handles SPAM and/or suspicious emails. They go by many names but often are referred to as the Cyber Security Incident Response Team or CSIRT. If they have set up a dedicated email or button to use on emails that are suspicious, use it; otherwise forward them the email for analysis. They should be able to tell you more or less if the email is legitimate.

If your organization does not have a CSIRT, then it may be best to speak with a manager and then delete the email. Do not under any circumstances respond to the email, open any attachments or click on any links unless you are certain that the email is legitimate. Doing so can place you on an endless SPAM campaign, can cause instabilities to your systems or, worse, you could be the next person responsible for introducing ransomware into the corporate environment.

Remember, when in doubt, rule it out.

Drawing on over two decades of experience in the Information Technology industry, I have acquired a diverse range of roles that have shaped my distinctive outlook. Through this journey, I have developed into an accomplished authority in risk management, catering to Fortune 500 companies and small businesses on a global scale. Over the past 12 years, my primary focus has centered on empowering small business owners and insurance professionals to comprehend the ramifications of cyber incidents and effectively mitigate the risks associated with potential data breaches. My passion for cybersecurity has inspired me to create the Sage Knows IT blog. Through this platform, I aim to help small business owners and aspiring IT professionals understand the roadmap of the IT industry based on my experiences. Information Technology and Information Security are crucial for our future, and I hope my blog will motivate those who are interested in joining this ever-evolving field.
