SecurityCategory

How to spot dangerous emails

7 min read
Judith Kallos
Dangerous Emails Old Mailbox

Editor’s note: The following article is curated from the GoDaddy community. We’ve made some light edits for formatting and clarity. Looking for help with GoDaddy products or getting your business online? Join the community to get answers from other GoDaddy customers

Not reviewing and paying attention to details can cause any business problems. This applies to your incoming emails as well.

Dangerous emails come in many forms.

For every incoming email you need to look at the:

  • From: field. Is this someone you know, may know or a business you are interested in? If not, question everything.
  • Subject: field. Does the subject field make sense? Is it a reply to an inquiry? Is it typed in proper case? If not, probably not credible.
  • Hidden or obscure URLs. Does the email hide the link URL for you to login in order to provide information? Delete!
  • URLs disguised as other websites. Look to the end of the domain name to see what the actual site is. Often hackers will place legitimate URLs in subdomains (e.g. paypal.com.phishingsite.net) to confuse users.

For example, a common scam going around right now is the fake Google Doc invitation. You receive a very legitimate-looking email that invites you to login on a very impressive (but fake) Google login page and view the doc.

Another common technique is to include an attachment in an email and try to persuade you to open it. And if they can’t rely on faking a legitimate email, they’ll rely on other techniques instead.

Look out for emails that trigger your emotions.

Spammers have always had to be creative to get the information they want to exploit. Now more than ever they are skilled at looking legitimate. And if they can't look legit they are trying to play on your emotions.

I'll share with you some of the latest tactics so you can become familiar with what you should look for. If any email lands in your inbox with these traits — you'll know right out of the gate to just hit DELETE!

The Unpaid Invoice trick

Does this look familiar?

yea , we finally did it.
here is the bank confirmation:
bofa_card_statement_support.doc
now f*** off and try not to contact me again or else.

On Feb 6, 2017 at 3:25 AM, support@xxxxxxxxxx.com wrote:
did you send the money? i need the proof

The above uses profanity and a threatening tone to get you riled up enough to hopefully not stop and think before you click on the attachment. The Subject: and supposed previous email from you, reflect your company's email address to make it appear more authentic.

The Fancy Company Overcharge trick

Similar to the above:

Who the f*** are you and why is there a charge from xxxxxxxxxxxx.com on my card?
Here you can view my statement, get back to me asap.

bofa_card_statement_XXXXXX.doc

Thank you
John Doe

If you do eCommerce of any kind this will catch your attention. “Did I incorrectly charge a customer?”

In this example I've received numerous versions where the Subject: field notes different legitimate, big-name consulting companies to add to the effect.

In one case the website of the company name used changed their homepage to note “…we apologize, the emails were not from us. We were hacked.”

Once again, these tactics are using profanity and noting your business website’s domain in an attempt to get you to click on the attachment.

The Legal Threat trick

If concern over an invoice isn’t enough, what about a threat of legal action?

WTF is this?
I got it in my mail today.
subpoena_from_support.doc

my lawyer will call you tomorrow.

Yours,

John Doe
Phone: XXX-XXX-XXXX
Fax: XXX-XXX-XXXX

“Subpeona!? Attorney?! Hurry up and click on that "doc" to see what this is about!”

Don't fall for it! What surprised me with the above is the phone numbers seemed to belong to real people of a different name.

The We Can't Deliver Your Package trick

No threat in this one. Instead, they’re relying on you to mistake this for a routine notification.

Dear Customer,

Your parcel was successfully delivered February 15 to UPS Station, but our courier could not contact you. Please check the attachment for complete details.

Yours faithfully,
Seth Goff,
UPS Senior Delivery Manager

Most businesses get UPS deliveries on a regular basis. If you are expecting a package (or aren’t expecting one, and are just curious) you may instinctively open the attachment. Don’t do it. Just hit delete.

The You Have an eFax trick

You received a new eFax from 212-335-7155

Do folks still use faxes? I used eFax back in the day and wasn’t aware enough folks still used it to warrant a phishing email.

Everything in the email looked legit. All the eFax links when moused-over showed efax.com. The trick here is the link to go download the eFax. When you mouse-over the link the first part shows efax.com — but if you move your mouse over to the end of the link you can see the phishing site you would be sent to.

The Business Complaint trick

Subject: ID 8d6ba737-775e8bdc-f95f16f3-1b460259 – Company Complaint

This message has been generated in response to the company complaint submitted to Companies House.

(CC01) Company Complaint for the above company was accepted on 05/04/2017.

Please check attached documents for more information.

The submission number is id: 8d6ba737-775e8bdc-f95f16f3-1b460259

Please quote this number in any communications with Companies House.

Of course as a business you'll jump if you think there is a complaint lodged against you! You want to know what's in the complaint, so you click on the link before thinking this through.

In my case, mousing-over the company's link reflected a .uk domain. Being I do not do business outside the USA I knew this was a fake out. But, if you do business globally, you may still feel tempted to click on the phishing link. Don't.

Look out for compromised contacts.

One other tactic worth a mention is an email from a known contact — with all their contacts in the To: field, including yours. The content is a single statement about a site or link for you to visit.

You can safely assume your friend/contact has been compromised. In that case, as a courtesy, let them know they've been compromised and to scan their system ASAP.

Always opt for caution over curiosity!

Don’t trust anything. The above are just a handful of examples of some of the trickery I see going on lately. Spammers are going to keep trying to make their emails look legit by mimicking sites you visit or playing to your emotions. Don't fall for that trap!

It is easy for a one-woman show like myself to know that some of these emails just don't apply to my business. But imagine if one of these emails land in the inboxes of larger companies? They might want to check out that attachment instead of deleting or confirming with whomever would be responsible. Just don't do it.

Your best approach is to not trust any email that you don't expect, sounds too good to be true, that you do not recognize the sender or has a communication style that is unusual.

And never, ever click on any attachments or links in these types of emails.

Stay safe with spam filtering, email encryption, and 24/7 expert support. Learn more about Professional Email from GoDaddy

Products Used