Unfortunately sometimes there are new viruses or simply new iterations of an existing virus which have the ability to initially bypass anti-virus applications for a finite period of time. In these instances, the only way of prevention is through caution and the effective identification of suspicious items.

The most popular way of spreading malicious content is by sending a fake email appearing to be from somebody else, typically a large trusted corporation, with either an attachment or link to an external website containing the malicious content which can be anything ranging from trivial spam/advertising to very nasty viruses/malware. The end-user trusts the email is from an important/reliable source and therefore opens the attachment/file without hesitation and becomes infected.

Thankfully, these emails tend to have obvious signs they’re fakes, and below are a few simple things you can do when receiving an email in the future to ensure it is from an authentic source and is thus reliable.


Check the email address the email was sent from

If you receive an email that claims to be from a particular company/business, always check the email address from which the email was sent. All well-known and established businesses/corporations will send email from their own respective domain names, which typically reflect their business name.

Australia Post for example would most likely send email from their main domain name auspost.com.au meaning a legitimate email from Australia Post should come from an @auspost.com.au address.

Well-known and established businesses/corporations never send email from one of the popular free online email services like Gmail and Hotmail, especially when related to official business items and unsolicited.

Some small businesses however may send email from a free online email service such as Gmail, Hotmail or Outlook, so don’t simply disregard and delete an email because it was sent from one of these providers, just be extra cautious.

The example below shows a fake email which was allegedly sent by Australia Post. You will notice however the email was actually sent from parcel-info@italiatelecom24.org which is obviously not an Australia Post domain – this is a clear indicator of the email being a fake, which generally means it either contains malicious content or plain old spam; in either case, you should simply delete the email.

[Image: screenshot of the fake email's sender address]

Note: It is relatively simple for someone to send an email appearing to be from a legitimate business address, so do not rely on this alone when determining whether the email is a fake or not; this is simply the first thing to look at.

Check Attachments

If the attachment contains an executable file (.exe), chances are it’s malicious. There’s generally no reason for someone to be sending you an executable file, especially large businesses – in fact most have business practices in place which forbid/prevent them from sending executable files via email. If someone has sent you an executable file for no apparent reason, chances are it’s a virus or piece of malware – simply delete the email; you will not get infected unless you run the executable file.

Check Hyperlinks

Most modern email servers are configured to block emails/attachments containing malicious files or certain file types via policies and anti-spam/anti-virus software; it is therefore more common for malicious emails to simply contain links to external websites which contain the malicious content – this gives the email a better chance of bypassing an email server’s defences and reaching its intended victim.

This however provides the clearest indicator for identifying a fake/malicious email, as the hyperlink in a fake email will always point to a fake destination, unlike the sender address, which can be faked (email spoofing) to look legitimate.

Hyperlinks provide the clearest indicator for identifying fake and potentially malicious email as they are impossible to fake.

Before opening any hyperlink, always hover your mouse cursor over it for a moment for it to bring up the dialog box which shows exactly what the URL is. In the example below we can clearly see that this fake email from Australia Post is actually linking to a malicious website in Russia somewhere:

[Image: screenshot of the fake email's hyperlink and its real URL]

If this were a genuine email from Australia Post the link would contain something like http://auspost.com.au/your_link. You should always avoid clicking fake hyperlinks, as simply visiting the website could be enough to cause infection via drive-by download.

Note: Since these hyperlinks are impossible to fake, hackers try to make the link look as similar to the real thing as possible, so always read carefully. Using the above example, they may well have tried using a link such as http://austpost.com.au which looks very close to the real thing. Always be aware of this and carefully read every hyperlink before you open it.
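
The sender-address check and the hyperlink check described above can also be done by a mail filter rather than by eye. The Python below is an added example, not part of the original article: it takes the sender domain and the real target of every link in a constructed sample message and compares each against the genuine domain. The function names, the two-edit lookalike threshold and the example.net placeholder host are assumptions.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "auspost.com.au"  # genuine domain from the article's example

# Constructed sample: sender and lookalike are the article's, example.net is a placeholder.
SAMPLE = """\
From: Australia Post <parcel-info@italiatelecom24.org>
Subject: Your parcel could not be delivered
Content-Type: text/html

<a href="http://austpost.com.au/label">http://auspost.com.au/your_link</a>
<a href="http://tracking.example.net/get.php">Track your parcel</a>
"""

class LinkHosts(HTMLParser):
    """Collect the host each <a href> really points to (what hovering reveals)."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED):
    if host == trusted or host.endswith("." + trusted):
        return "genuine"  # the trusted domain itself or one of its subdomains
    # Compare only the rightmost labels, so a trusted name used as a prefix does not count.
    tail = ".".join(host.split(".")[-trusted.count(".") - 1:])
    # Assumed threshold: one or two character edits away reads as a lookalike.
    return "lookalike" if edit_distance(tail, trusted) <= 2 else "foreign"

def inspect_message(raw, trusted=TRUSTED):
    msg = email.message_from_string(raw)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    links = LinkHosts()
    links.feed(msg.get_payload())
    return {"sender": (sender, classify(sender, trusted)),
            "links": [(h, classify(h, trusted)) for h in links.hosts]}
```

Note that the first link in the sample displays the genuine address as its text while its real target is the lookalike, which is exactly what hovering over the link exposes.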

Check Spelling and Grammar

Often these malicious emails are developed in foreign countries such as China and Russia, where English is not the native language, and will therefore be very poorly worded and filled with both spelling and grammatical errors.

Whilst the odd spelling or grammatical error is feasible, if you come across an email from a large corporation (particularly a seemingly automated one) that is barely legible, there’s a high probability it’s fake and malicious.

Broken Layout

Many corporations send HTML emails containing fancy layouts and imagery to make their emails more appealing to the eye; they may contain things such as logos, buttons and other imagery. The vast majority of the time, when they’re sent by the real company, they appear as they should. If your email has lots of broken links and missing imagery, whilst it isn’t a clear indicator, it can hint at the email potentially being fake.

Unsolicited Email

Received an email from Australia Post saying your parcel couldn’t be delivered, but you’re not expecting a parcel? Received a court order from the Australian Federal Police for speeding, but you don’t own a car?

If you receive an email from a company you’ve never dealt with before or under the pretence of a seemingly non-existent item – there’s a good chance it’s fake and malicious.

Note: Always take into consideration who would and wouldn’t have your email address. Sometimes it may be a simple case of “there’s no way the Roads and Maritime Services would know my business email address” which can usually assist in identifying the email as fake.

Err on the side of caution

When in doubt, simply delete! Whilst in many ways email is a fairly reliable means of communication, the biggest caveat is that it’s usually very difficult to confirm whether or not it has actually reached its intended recipient. Yes, there are ways around this by requesting read receipts, but this is uncommon and in many instances people can simply not send the read receipt.

Particularly when dealing with larger corporations and transactional-type emails; if someone has sent you a legitimate email and not received an appropriate response, more often than not they will eventually follow-up by contacting you directly.

Using our aforementioned Australia Post example; hypothetically if it were a legitimate email and we ignored it – Australia Post would inevitably attempt to contact us directly to discuss the parcel.

In many instances it’s also simple enough to contact the company yourself directly and question the item. Again, using Australia Post as an example – simply give them a call directly and make an inquiry about the said parcel.


With approximately 200 billion emails being sent and received throughout the world every single day, and with that number expected to progressively rise over the coming years, the likelihood of receiving a fake/malicious email is an ever-increasing concern for consumers and corporations alike. And whilst technology continues to improve and provide better protection from such concerns, so too does the technology the bad-guys use and from time-to-time the only way of prevention is through effective end-user identification and eradication.

Article By Techzilla