Social Engineering Red Flags

There are several components to every e-mail message that must be analyzed to ensure it is legitimate. In this post, we will look at all of them.
From:
- I don't recognize the sender's email address as someone I ordinarily communicate with.
- This email is from someone outside my circle of friends and family and it's not something we emailed about before.
- This email was sent from someone inside my circle of friends and family or from a vendor, but is very unusual or out of character.
- Is the sender's email address from a suspicious domain? (like microsfot-support.com)
- I don't know the sender personally and they were not vouched for by someone I trust.
- I don't have any relationship and no past communications with the sender.
- This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I hadn't communicated with recently.
To:
- I was cc’d on an email sent to one or more people, but I don’t personally know the other people it was sent to.
- I received an email that was also sent to an unusual mix of people. For example a seemingly random group of people whose last names start with the same letter or a whole list of unrelated addresses.
Subject:
- Did I get an email with a subject line that is irrelevant or does not match the content?
- Is the email message a reply to something I never sent or requested?
Date:
- Did I receive an email that I normally would get during regular daytime hours, but it was sent at an unusual time like 3 a.m.?
Hyperlinks:
- I hover my mouse over a hyperlink that’s displayed in the email message, but the link to address is for a different web site. (This is a big red flag.)
- I received an email that only has long hyperlinks with no further information and the rest of the email is completely blank.
- I received an email with a hyperlink that is a misspelling of a known web site. For instance, www.bankofarnerica.com - the “m” is really two characters – “r & n”)
Attachments:
- The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. (This sender doesn’t ordinarily send me these types of attachment(s).
- I see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .TXT file.
Content:
- Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value?
- Is the email out of the ordinary, or does it have bad grammar or spelling errors?
- Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
- Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
- Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?
If in doubt, do not click on links, or open attachments - simply delete the e-mail.
|
|