phishing: 5 ways to tell if an e-mail is legit

Upload: wiley

Post on 13-Apr-2017

PHISHING: 5 Ways to Tell if an E-mail is Legitimate

In today’s world of scammers and hackers, it’s hard to keep up with all the various ploys on the Internet aimed at stealing personal or corporate information for malicious reasons.

However, there are some ways to tell if the e-mail you receive is a legitimate communication or if it’s a scam.

1. THINK CRITICALLY

Do not accept that an e-mail is the real deal just because you’re busy, stressed, or have 150 other unread messages in your inbox. Stop for a minute and think about the e-mail.

Ask yourself:
• Does the e-mail come from someone I know?
• Was I expecting this e-mail?
• Are the requests being asked of me reasonable or plausible?
• Does this e-mail employ emotional content such as fear, greed, or curiosity, or, most important, does it try to get me to take an action (usually urgently)?

2. LEARN TO HOVER

Simply move your mouse over any link, but DO NOT CLICK IT! Just let your mouse cursor hover over the link and see what name comes up.

Does it match the official company website, or would it take you elsewhere?

3. DECIPHER THE URL

If the e-mail includes a website address, look at that URL to see if there’s anything unusual.

For example, if an e-mail claims to be from Amazon.com but the URL ends in .ru (a Russian domain and not a real Amazon address), you can assume it’s not legitimate.

PRO TIPS

The next two tips are aimed at businesses that are quite large and have dedicated information security staff.

4. ANALYZE E-MAIL HEADERS

E-mail headers tell you how an e-mail got to your address.

If it’s a legit e-mail, the domain from the header should match the domain given in the e-mail. Likewise, the return path and authentication results should match the details given in the e-mail.
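
One way to automate the header comparison described above, as an added example that is not part of the original slides: it compares the From domain with the Return-Path domain and reads the SPF, DKIM and DMARC verdicts from Authentication-Results. The host names, sample messages and TRUSTED_AUTHSERV value are constructed, and treating a subdomain as a match is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: id your own mail server stamps

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def related(a, b):
    """True if the domains are equal or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_headers(raw):
    """Return findings for one raw message; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    findings = []
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if not related(from_dom, rp_dom):
        findings.append(f"Return-Path domain {rp_dom!r} differs from From domain {from_dom!r}")
    # Count only results stamped by our own server; headers the sender added prove nothing.
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method, "missing") != "pass":
            findings.append(f"{method}={results.get(method, 'missing')}")
    return findings

# Constructed sample messages (headers only), not real mail.
LEGIT = """\
Return-Path: <bounce@mail.shop.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mail.shop.example;
 dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example
From: Shop <orders@shop.example>
"""
SPOOFED = """\
Return-Path: <x@bulk-sender.invalid>
Authentication-Results: mx.recipient.example; spf=softfail; dkim=none; dmarc=fail
Authentication-Results: mx.unknown.invalid; spf=pass; dkim=pass; dmarc=pass
From: Shop <orders@shop.example>
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, check_headers(raw))
```

A Return-Path mismatch on its own is a reason to look closer rather than proof of fraud, since mailing services often use their own bounce domains.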

5. SANDBOX E-MAILS

Sandboxing is a term used in the tech field to describe creating an environment where one can run untested or untrusted code. Many large companies use virtual machines to create sandboxes, so e-mail or other applications can be tested to determine whether they’re safe. Some companies sandbox all incoming e-mail and only let through those that are deemed safe and friendly.

For more ways to defend against phishing, check out

PHISHING DARK WATERS: The Offensive and Defensive Sides of Malicious E-mails

by Christopher Hadnagy and Michele Fincher