
Detecting a phishing Email (10 Things to watch)

Bala
2 min read · Dec 15, 2019


  • Don't trust the display name of who the email is from.

Just because the email says it comes from a person you know doesn't mean it does. Be sure to look at the email address to confirm the true sender.

  • Look but don't click.

Hover or mouse over parts of the email without clicking. If the alt text looks strange or doesn't match, don't click on it; report it.

  • Check for spelling errors.

Check whether the grammar is as correct as a normal sender's would be. Attackers are often less concerned about spelling.

  • Consider the salutation.

Be wary if the salutation is vague, for example “Respected customer” or “Dear [insert title here]”.

  • Is the email asking for personal information?

Legitimate companies are unlikely to ask for personal information in an email.

  • Beware of urgency.

The email might be made to sound as if there is some sort of emergency.

  • Check the email signature.

Most important emails will include a full signature block at the bottom.

  • Be careful with attachments.

Attackers might add attachments with a long name or a fake PDF or Excel icon, so the file isn't actually what you think it is.

  • Don't believe everything you see.

If something seems fishy, it's better to be safe than sorry. If something is off, it is better to report it.

  • When in doubt, contact your SOC.

No matter the time of day or how unimportant you think it is, if you are doubtful about the email it is better to be safe and report it than to put the organization at risk.

Written by Bala

Technical Lead @ Pharma Industry
