
Best Practices for Identifying Dangerous Emails

September 18, 2018 by Penny Hoelscher

Disturbing Trends in Email Cyberattacks – the Statistics

Symantec’s 2018 Internet Security Threat Report makes for disturbing reading about malicious email trends:

  • By the end of 2017, the average user in the study was receiving 16 malicious emails a month
  • In a new trend, malicious URLs (rather than malicious attachments) increased to 12 percent of the malicious emails sent by cybercriminals
  • The Public Administration industry was hardest hit, with the average user receiving approximately 53 email viruses a month
  • Medium-sized enterprises (1,001 to 15,000 employees) appeared to be the largest target, with one in 244 emails containing malware. In this size business, one in three emails received by the average user had a virus.

What Is Malware?

MALicious softWARE is harmful code designed to damage your computer and/or steal your personal information. It includes viruses, worms, spyware, Trojans, bugs, bots, ransomware and rootkits.

Malware can end up on your computer in many ways, such as browsing the Internet or using a detachable device that contains malware. When it comes to email, a machine can be infected when a user opens a malicious attachment or follows a bad link. It’s smart not to click on an email until you’re absolutely sure it isn’t an attack. The bad news is that preview panes automatically open emails for previewing, which could still lead to infection, so it’s best to switch this feature off before checking anything.

What Are the Dangers of an Email Attack?

Fraudsters use multiple email methods to gain access to a victim’s machine or get them to part with personal information. Here are a few:

Malicious Attachments

Ransomware and other malicious programs are downloaded onto a victim’s computer via an email attachment. A keylogger, for example, monitors users’ activity, such as the keys they press when logging into accounts online. With this information, criminals could hijack a user’s banking service and transfer funds to themselves.

A ransomware attachment can encrypt a user’s data, with the key to decrypt it held to ransom. Zero-day attacks take advantage of software errors that are unknown. Once a hacker discovers such a flaw, IT departments have zero days to fix it before an attack is unleashed. The code for this type of attack can also be delivered via email attachments.

Malicious Links

Clicking on a malicious link in an email could redirect a victim to a fake website (such as one asking you to reset a PIN) where criminals harvest credentials and use these to steal a user’s identity. This technique often uses the names of legitimate organizations, such as PayPal, to lure victims into following links.

Social Engineering Techniques

Scammers dupe potential victims by using social engineering techniques that exploit human frailties like fear, greed or obedience. For instance, they might claim to be an old friend in need of financial aid or someone you met who is romantically interested in you. Engaging with someone like this can lead to a relationship over a period of time (fraudsters have patience) that tricks you into believing you can trust the person. A scammer could then send you a malicious email with an attachment you download or a link you follow because you believe they are a friend.   

Why Is It Important That You Know How to Respond?

Malware may be an attempt to steal victims’ money or identity, or simply harass them. Consider some of the consequences:

  • Shame or embarrassment: A malicious hacker with access to your email could find out secrets you would prefer to keep to yourself and blackmail you with the knowledge
  • Financial loss: Criminals can wipe out your savings in minutes once they get hold of your financial account credentials
  • Identity theft: With access to your email or the contents of your hard drive, a hacker can steal your social security number, contacts list and personal health information, and get access to your business and social networking accounts
  • Data compromise: Once your computer has been hijacked, hackers can lock you out of your machine, encrypt your data and demand a ransom for a decryption key

What Do You Do If You Open a Bad Email?

Momentarily distracted, you click on a suspicious email, then realize your mistake. What can you do to salvage the situation?

InfoSec Institute has put together a step-by-step guide to protecting yourself after the fact. Here’s what you do:

  1. Disconnect from the Internet and take a deep breath.
  2. Double-check the sender of the email. If it’s from someone you know, make sure their address is correct. If it is not, immediately quarantine the email.
  3. If you have opened an attachment or followed a suspicious link (hover over it to see where you were directed), quarantine the email. Even if you are absolutely sure the email was genuine, it’s still a good idea to do a virus scan and a backup of sensitive data.

If you are in any way unsure if you have been compromised or not, take the following remedial steps.

  1. Notify relevant parties, such as your supervisor at work or your ISP at home.
  2. Alert the sender the email purports to be from. If the email pretended to be from a bank, call your bank.
  3. Alert your contacts, particularly business ones, that your machine may have been compromised.
  4. Make a list of sensitive information on your machine so you can plan a strategy to secure it in the event it is compromised. Put a stop on bank cards.
  5. Back up sensitive data onto a separate device and virus-check it.
  6. Scan your entire computer for viruses.
  7. Change all usernames and passwords.
  8. Use a clean machine to access the Internet and change your account passwords.
  9. Flag the email as junk or spam.

If you know you have been compromised, you will have to take extreme precautions.

  1. Switch off your machine and take it to a computer expert (or to the IT department at work) for a professional diagnosis.
  2. Use a clean machine to access the Internet and change your account passwords.
  3. Notify relevant authorities and contacts, such as your bank, that your data has been compromised.
  4. If you think your identity has been stolen, go to on a clean machine and follow the instructions.

Conclusion – Look Before You Click

The best way to protect yourself from dangerous emails is to avoid them in the first place.

Remember when you first learned to drive and thought you would never get the hang of the clutch and gear stick working in tandem? Practice made perfect and now you drive with little thought about the details. Similarly, regular security awareness training will help you to respond automatically with caution to suspicious emails. And never respond to an attacker in anger. If you do that, you’ll just confirm you are a human and your email address is valid, and this makes you a target.



2018 Internet Security Threat Report, Symantec


Penny Hoelscher has a degree in Journalism. She worked as a programmer on legacy projects for a number of years before combining her passion for writing and IT to become a technical writer.