Cyber Security Awareness Month – Suspicious Emails


As you may know, October is Cyber Security Awareness Month. Being an IT Security Professional, I wanted to use this month to publish a series of posts with tips and tricks on how to better protect yourself and your organization. Each week, my posts and videos will follow a specific theme.

In Week One, the focus will be on Employee Awareness. I chose this because I believe employees are not only the first line of defense but can often be both the weakest link and the most valuable tool to protect the organization. Understanding what is out there and how threat actors are trying to gain access is fundamental in defending the front lines.

Dissecting Emails

The first thing I do when examining an email is work my way up from the bottom. In reviewing emails, I ask myself if there is a signature line. Since I do a lot of business-to-business transactions, it is common to see an organization's signature line in the body of the email.

In this example that I pulled from my SPAM folder, you can see that there is no signature line. This is my first red flag that this email may not be legitimate; strike one. From there I shift my focus up to the email address.

[Figure: Dissecting a SPAM Email (SPAM e-mail example)]

In this case, the email address was from someone I clearly did not know but upon further inspection, I noticed that the domain had an extension of .hn. At first I thought this domain may have come from Hong Kong but I later remembered that the extension is .hk. In doing a quick Google search, I found that .hn is a top-level domain from Honduras; strike two.

At the top of the email is the subject line and perhaps the biggest giveaway (aside from the huge red banner from Google) that this email has fraudulent tendencies. Typically an email will have “Re:” in the subject line when you have previously corresponded on that message. I know that I had not, so... strike three.

What is more curious is that the email spells the word “Inquiry” with the British English version “Enquiry”, but this email was supposedly from Honduras, which is primarily Spanish speaking with some pockets speaking Creole English. That’s not to say that there are not any British in the region, but it just solidifies the suspicion.
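The three strikes above can also be expressed as automated checks. The following is an added example, not the author's tooling: the sample message is constructed, `EXPECTED_TLDS` and `SIGNATURE_HINTS` are hypothetical lists you would tune, and "no prior correspondence" is approximated by the absence of the standard `In-Reply-To` and `References` thread headers.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample modelled on the post's description (not the real email).
SAMPLE = """\
From: Unknown Sender <sales@example.hn>
To: me@example.com
Subject: Re: Enquiry

Hello, please see the attached quotation and reply soon.
"""

EXPECTED_TLDS = {"com", "org", "net"}  # assumption: TLDs of usual contacts
SIGNATURE_HINTS = ("regards", "sincerely", "thank you", "tel:", "phone:")  # assumption

def strikes(raw, expected_tlds=EXPECTED_TLDS):
    """Return the red flags found, in the order the post checks them."""
    msg = message_from_string(raw, policy=policy.default)
    found = []

    # Strike one: work up from the bottom and look for a signature block.
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    tail = "\n".join(body.strip().splitlines()[-6:]).lower()
    if not any(hint in tail for hint in SIGNATURE_HINTS):
        found.append("no signature line")

    # Strike two: the top-level domain of the sender's address.
    _, addr = parseaddr(str(msg.get("From", "")))
    tld = addr.rpartition(".")[2].lower()
    if tld not in expected_tlds:
        found.append(f"unfamiliar top-level domain .{tld}")

    # Strike three: "Re:" in the subject, but no headers tying it to a thread.
    subject = str(msg.get("Subject", "")).strip().lower()
    in_thread = msg.get("In-Reply-To") or msg.get("References")
    if subject.startswith("re:") and not in_thread:
        found.append("'Re:' subject with no prior thread")

    return found

if __name__ == "__main__":
    for flag in strikes(SAMPLE):
        print("strike:", flag)
```

A genuine reply from a known contact with a signature block returns an empty list; any single flag is a prompt for closer inspection rather than a verdict.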

Taking Action on Suspicious Emails

Now, I don’t want to get ahead of my future posts on technical controls, as I want to dedicate an entire week to various technologies and tools that can help improve overall security, but as an employee there are a few practical steps you can take when faced with a similar threat.

First, if the email is from an address that you do recognize but the contents of the email and the body are suspicious, I would recommend calling your contact with a good last known phone number (not the one in that suspicious email) and asking them directly if they sent you that email. There is a good chance that they did not know that their email was compromised.

Many organizations have a specialized team that handles SPAM and/or suspicious emails. They go by many names but often are referred to as the Cyber Security Incident Response Team or CSIRT. If they have set up a dedicated email or button to use on emails that are suspicious, use it; otherwise forward them the email for analysis. They should be able to tell you more or less if the email is legitimate.

If your organization does not have a CSIRT, then it may be best to speak with a manager and then delete the email. Do not under any circumstances respond to the email, open any attachments or click on any links unless you are certain that the email is legitimate. Doing so can place you on an endless SPAM campaign, can cause instabilities to your systems or, worse, you could be the next person responsible for introducing ransomware into the corporate environment.

Remember, when in doubt, rule it out.


For over 20 years, I have had the distinct opportunity to work in the Information Technology space under a variety of distinct roles. My unique position has helped me become a risk management Maven for Fortune 500 and Small Business Companies around the world. For the last 12 years, I have helped Small Business Owners and Insurance Agencies understand the impacts of Cyber Incident exposures and what steps to take to help mitigate potential data breaches. My desire to expand my reach related to cyber security has led me to establish the Sage Knows IT blog as a way to help Small Business Owners and aspiring Information Technology (I.T.) Professionals better understand the road maps of I.T. through the experiences I have had. Information Technology and Information Security are the future of our world, and I hope this blog will inspire those who are interested in joining our ever-evolving field.
