Social Engineering Red Flags
The From Line
- I don't recognize the sender's email address as someone I ordinarily communicate with.
- This email is from someone outside my circle of friends and family and it’s not something we emailed about before.
- This email was sent from someone inside my circle of friends and family or from a vendor, but is very unusual or out of character.
- Is the sender's email address from a suspicious domain? (like micorsoft-support.com)
- I don't know the sender personally and they were not vouched for by someone I trust.
- I don't have any relationship and no past communications with the sender.
- This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I hadn't communicated with recently.
The To Line
- I was cc’d on an email sent to one or more people, but I don’t personally know the other people it was sent to.
- I received an email that was also sent to an unusual mix of people. For example a seemingly random group of people whose last names start with the same letter or a whole list of unrelated addresses.
- Did I receive an email that I normally would get during regular daytime hours, but it was sent at an unusual time like 3 a.m.?
- Did I get an email with a subject line that is irrelevant or does not match the content?
- Is the email message a reply to something I never sent or requested?
- Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value?
- Is the email out of the ordinary, or does it have bad grammar or spelling errors?
- Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
- Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
- Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?
- I hover my mouse over a hyperlink that’s displayed in the email message, but the link to address is for a different web site. (This is a big red flag.)
- I received an email that only has long hyperlinks with no further information and the rest of the email is completely blank.
- I received an email with a hyperlink that is a misspelling of a known web site. For instance, in www.bankofarnerica.com the “m” is really two characters “r" and "n”.
- The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. This sender doesn’t ordinarily send me these types of attachments.
- I see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .TXT file.)
There are a few specific things to look for in emails which can help you determine if they are legitimate:
1) Confirm that the email address - not simply the name associated with it - is accurate
2) Look for misspellings or proper names that are not capitalized, and
3) Determine if the email is written in a way that would be expected from that individual, e.g. the use of a formal name when they always use a nickname.
Below is a guide for determining if an email is a phishing attempt or legitimate, one of the safest ways to determine if an email is legitimate is to contact the purported sender to confirm whether an email was sent from them or not.
* Courtesy of KnowBe4, LLC.
Here is a list of some additional resources you can use to learn more about Social Engineering, Phishing, Malware, and Scam emails: