Phishing | Cybersecurity | Attack Vectors
Everyone knows the situation: the e-mail inbox is overflowing and you laboriously click through the list of unopened messages. Criminals hope for the one moment when concentration wanes and the inattentive recipient clicks on a dubious link or an infected attachment. Maybe he also discloses confidential data?
Email is the number one gateway for cybercriminals. Unfortunately, there is no such thing as absolute security against viruses and cyberattacks, so it is important that you regularly back up your data and store it outside your computer. Do not use the same password for multiple accounts, and keep yourself up to date, e.g. through online training and phishing simulations for Perseus customers.
If an email seems suspicious to you, don’t reply, never click on any links and don’t open any attachments. You alone are the last line of defense against attacks by criminals, so if you are unsure, do not be afraid to contact the sender directly and have them confirm that they sent the e-mail. Do not use the contact details from the e-mail, but those from your address book or from the sender’s official website.
We have put together a small checklist for you to use to check your suspicious emails:
1. Suspicious subject line
Most of the time, you will notice the first inconsistencies in the subject line. The sender’s wording is different from what you are used to. Maybe the topic is surprising and you didn’t expect that this person/organization would write to you about this topic? Then be vigilant and check the rest of the email carefully.
Of course, the subject line can also be completely inconspicuous while the email is still an attempt at fraud.
2. Conspicuous sender address
Have you only received letters from this sender so far? Have you had no relationship with the sender at all until now? Does something seem strange about the sender address? Then take a closer look.
In particular, check the ending of the sender address, i.e. the part after the @ sign (e.g. info@perseus.de). Do the top-level domain (.de / .net / .org / .com) and the domain (perseus.de) match the usual sender and the official website?
Criminals like to confuse their targets with very similar sender addresses, e.g. infoperseus@gmx.de or info@perseus.net.
Unfortunately, however, criminals can also convincingly forge the sender address. Make sure that your email provider supports a method that authenticates sending servers (e.g. DKIM) and thus prevents fake senders from going undetected.
You should therefore always listen to your gut feeling and look out for other scam characteristics. If you cannot resolve your doubts, contact the sender directly. Do this not via the contact details in the e-mail or by simply replying, but by using information from your address book or from the official website, and have the sender confirm that they sent the e-mail.
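The sender checks from this section as an added example (it is not part of the original article): it compares the From domain with the domain you expect and reads the DKIM result that the receiving mail server recorded in the Authentication-Results header. The function name, the expected domain and the three sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def check_sender(raw_message, expected_domain):
    """Return a list of warnings about the sender of a raw e-mail."""
    msg = message_from_string(raw_message)
    warnings = []
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain != expected_domain:
        warnings.append(f"From domain {domain!r} is not {expected_domain!r}")
    # Authentication-Results is written by the receiving server (RFC 8601).
    # Only rely on it if your own provider added it; a sender can insert a
    # forged copy unless the provider strips foreign ones.
    results = " ".join(msg.get_all("Authentication-Results", []))
    dkim = re.search(r"\bdkim=(\w+)", results)
    signer = re.search(r"\bheader\.d=([\w.-]+)", results)
    if not dkim or dkim.group(1).lower() != "pass":
        warnings.append("no passing DKIM signature recorded")
    elif not signer or signer.group(1).lower() != domain:
        warnings.append("DKIM signature is from a different domain than From")
    return warnings

# Constructed sample messages (not real mail).
GENUINE = ("From: Perseus <info@perseus.de>\n"
           "Authentication-Results: mx.example.org; dkim=pass header.d=perseus.de\n"
           "Subject: Newsletter\n\nHello\n")
LOOKALIKE = ("From: Perseus <info@perseus.net>\n"
             "Authentication-Results: mx.example.org; dkim=pass header.d=perseus.net\n"
             "Subject: Newsletter\n\nHello\n")
FORGED = ("From: Perseus <info@perseus.de>\n"
          "Authentication-Results: mx.example.org; dkim=none\n"
          "Subject: Newsletter\n\nHello\n")

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("forged", FORGED)):
        print(label, check_sender(raw, "perseus.de"))
```

The lookalike message passes DKIM for its own domain, so a passing signature only helps once the domain itself has been compared with the one you expect.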
3. Unusual recipient address
In addition to the sender address, check your own recipient address thoroughly. If, for example, you are unexpectedly contacted on your business e-mail address by your private bank, your personal shopping provider or an old school friend, it could be an attempt at fraud. Always ask yourself why this person or organization would write to this email address.
As a general rule, do not use your professional e-mail address for private purposes. By strictly separating both mailboxes, you reduce the risk of successful cyberattacks, as criminals have fewer starting points for manipulation.
4. No personal salutation
Another indication of a phishing email or similar can be the lack of personalization. If you are addressed with generalities (e.g. Dear Customer, Ladies and Gentlemen), although the sender usually calls you by your first and/or last name, then you should be suspicious.
5. Spelling and grammar errors
Poor spelling, grammar, or punctuation can also be a feature of fraudulent emails. Often, the criminals do not come from the recipient’s country. They then try to translate the text with machine translation tools or with school-level language skills. This is often noticeable in the message.
6. Unusual language
Also be alert if the sender suddenly writes to you in another language, such as English, instead of German as usual. If he unexpectedly chooses different formulations than in previous correspondence (e.g. “Siezen” instead of “Duzen”, colloquial language instead of formal expression), you should likewise become suspicious and take a closer look at the e-mail.
7. Artificial pressure
If the sender puts you under pressure, this can also be a sign of criminal intentions. The form of pressure can vary: time pressure, social pressure, fear of negative consequences, but also positive pressure such as the prospect of winning or getting a promotion. Typical formulations that should make you sit up and take notice are: setting a very short deadline, prohibiting further coordination with colleagues, threatening legal consequences or inability to operate. Don’t let yourself be put under pressure and take your time to get the necessary information.
Example: In a recently disclosed case, an employee transferred a large sum of money to an unknown account. He received a – manipulated – email from the company’s managing director. In it, the employee was asked to transfer the money as soon as possible, but not to call him and not to inform anyone else in the company because it was allegedly a secret company acquisition.
8. Links and attachments (in an unusual context)
You should generally pay close attention to the links and attachments an email contains. Often you can only tell by small irregularities that they are not trustworthy:
Links
Check whether you recognize the linked domain. To do this, hover over the link with your mouse pointer, stop (don’t click!) and take a closer look at the link address that is displayed as the destination. Caution is advised especially if the link text looks like a destination address but differs from the actual destination. Here is an example you can use to check whether you can spot that the actual destination differs from the link shown: https://perseus.de This link doesn’t point to the displayed address, but actually to bit.ly/2m1aILl
You must also be careful with links that point to pages where you are then supposed to log in. Popular targets are online banking sites, shop pages and payment services such as PayPal. Very often the message claims that you have to confirm your password again to avoid financial losses or the like. Often, these login pages are spoofed or compromised to steal your login credentials. Once the page is open in the browser, it is sometimes difficult to determine whether you are on the right page. It is safer to open the corresponding pages yourself, e.g. via your saved browser bookmarks.
Another popular trick is to fool the recipient into believing that an attachment is trustworthy. In fact, however, the purported file attachment only hides a link to a website that tries to infect your computer.
Note that the detection rate of dangerous links by email scanners is significantly lower than the malware detection rate in attachments. A link is therefore not 100 percent safe just because the malware scanner finds nothing. Maybe the link is just too new or not widespread enough to have been noticed by the link scanner.
Email attachments:
Modern cyberattacks regularly spread via e-mails that are sent unnoticed in the name of the infected computers and owners. Attachments are often sent with the same name and type that has already appeared in communication with the recipient. Of course, the Perseus e-mail scanner and an up-to-date virus scanner that runs on the computer help here.
A trained eye can also help:
If you see a file extension such as .exe, .html, .vbs, .bat, .adp, .cpl, .com, .wsc and others, you should be alert. These can be programs that hide malware.
Office files (.doc/.docx/.ppt/.pptx/.xls/.xlsx) can also be infected with malware through the macros they contain. It is worth taking a closer look at the sender here.
Malware can also be hidden in compressed files (.zip) and videos (.mpg/.avi etc.), and then lodges itself in your system when the file is opened.
Text files such as .txt and PDFs are usually harmless. However, pay attention to software updates from the provider and be attentive to the links contained therein.
The prerequisite for observing the above points is that your e-mail program displays all file extensions in full. A popular trick is to exploit a shortened display of the file extension so that the file appears harmless. In the incomplete display, the file appears as “DokumentA.jpg” and looks harmless. Only in the full display can you see the threat: “DokumentA.jpg.exe”. Whether the extensions of file attachments are displayed depends on the settings of your e-mail program and your operating system.
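Because the displayed name can be shortened, it is more reliable to read the full file names from the raw message. This added example (not part of the original article) classifies each attachment by its complete name, using the extension lists given above. The sample message, the labels and the function names are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions named in the article above.
RISKY = {".exe", ".html", ".vbs", ".bat", ".adp", ".cpl", ".com", ".wsc"}
MACRO = {".doc", ".docx", ".ppt", ".pptx", ".xls", ".xlsx"}

def classify(filename):
    """Judge an attachment by its full name, not by what a mail client displays."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    if not suffixes:
        return "ok"
    if suffixes[-1] in RISKY:
        # 'DokumentA.jpg.exe': the last extension is the real file type.
        return "disguised risky type" if len(suffixes) > 1 else "risky type"
    if suffixes[-1] in MACRO:
        return "may contain macros"
    if suffixes[-1] == ".zip":
        return "archive, contents not inspected"
    return "ok"

def audit_attachments(raw_bytes):
    """Map every attachment file name in a raw message to its classification."""
    msg = message_from_bytes(raw_bytes)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.walk() if part.get_filename()}

def build_sample():
    """Constructed sample message; the attachment bodies are dummy bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attachment.")
    for name in ("DokumentA.jpg.exe", "Report.docx", "notes.txt"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in audit_attachments(build_sample()).items():
        print(f"{name}: {verdict}")
```

A verdict of "ok" only says that the name is unremarkable; it says nothing about the content of the file.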
Even if the Perseus e-mail scanner does not report any findings, trust your own mind: If you still have doubts despite a careful examination, it is better to consult the sender again. Do not use the contact details from the e-mail, but those from your address book or from the official website. A virus usually does not answer such emails, and you may even be able to help the sender determine that their computer has been infected.
9. Unusual content – asking for confidential information
You are asked for access data by e-mail, the boss asks for a transfer from your vacation, or you are supposed to confirm a payment with the help of a link? Is an unexpected grand prize, a sudden shipping notification or a sudden unsolicited application waiting in your mailbox? These can all be signs of a phishing attempt. If this has never happened before, or if other points make you suspicious, take a closer look at the message and pay particular attention to the above notes on links and attachments.
10. Eye-catching formatting or design
Is the formatting of the email completely broken? Does the design suddenly use different colors, images and fonts than usual? Then it may be a scam message. Take a closer look at the message.
11. Technical support
Of course, there are also technical tools that you can use to screen your emails for malware and phishing links, such as the Perseus email scanner. However, even though the detection rates of most tools are relatively good, you should always take extra precautions.
12. Still unsure? Contact the sender
As mentioned several times: Trust your mistrust. There is no such thing as 100 percent security through technology. With the rapid development of phishing sites and malware, email and virus scanner databases may not always be up to date.
You should therefore not be afraid to embarrass yourself and trust your gut feeling. Do your research and, if necessary, contact the sender directly. To do this, use the information from your address book or from an official website. Everyone will forgive you for this precaution.