How to identify malicious emails...

The best way to prevent infection from malware or having your details stolen via a phishing link is to be able to identify malicious emails.

For a more detailed look at how spammers send these malicious emails take a look at how to keep your computer safe from spam emails & ransomware.

For now let's take a concise look at how to identify malicious emails...


Malicious .zip attachment emails...

Any email with a .zip attachment should be treated as suspicious. Malicious zip attachment emails started over 10 years ago when a group of hackers sent out mass emails disguised as if they were sent from the delivery companies DHL & UPS.

We can easily identify this spam "DHL" email by looking at the sender email address "jzcfhs@wiesastyling.nl". As the email was clearly not sent from anyone at DHL.com we can just delete it and forget about it. .zip file extensions should ALWAYS be treated as dangerous!

[Image: dhl zip file attachment spam email]

Malicious .zip attachments are particularly nasty as clicking on a malicious zip file can install malware or ransomware without any notification. From the user's point of view you click the .zip, nothing appears to happen, and you write it off as a bad attachment.

Anywhere from 1 to 24 hours later you will likely get a pop-up message on your screen demanding money (bitcoin) to release your files. By this time all the files on your PC are locked and you either have to pay or restore from a backup.

If you do accidentally click on an attachment that does contain ransomware you should turn off your PC immediately. If you get a pop-up like the one below demanding money, turn your PC off as quickly as possible; this includes simply pulling out the power cable.

[Image: crypto ransomware notice]

Prevention ↣ to prevent ever being infected by a malicious zip file you should treat any zip file received via email as suspicious. In fact I would go as far as to say that any zip file received via Outlook can be deleted.

Major email providers (Microsoft 365, Google etc.) now have huge attachment limits on sending and receiving (100MB), so sending emails with zip attachments is really a thing of the past unless malicious intentions are at the root of the email.

If the worst happens and you think you have opened a malicious zip file you should immediately turn off your PC or laptop and talk with your IT support about next steps.

Malicious emails that look like internal communications...

Hacker groups are so advanced and have so much data that they can send emails that look like they were sent internally from someone within your own company.

These emails are often made to look as if they were sent from someone in a high position within the company to someone in accounts, asking them to make a random transfer of money.

In this example David Thomas is the MD and this email was sent to an internal member of staff with the intention of getting the staff member to click on the malicious link. Again we can identify this as spam simply by checking the email address and noticing that it was not in fact sent from David.

[Image: internal spoof email address spam]

Prevention ↣ as with the many examples we'll see below, there should be signs that these emails are malicious. Even though the name on the email is the same as someone internal, the actual email address will most likely be something entirely different.

The most obvious giveaway of course is that you're being asked to transfer money to someone or some company that you've never dealt with before. This sounds super obvious but Facebook and Google both got scammed out of $250,000.00 each using this method.

Malicious emails that look like they're from trusted organisations (Dropbox, Google, Microsoft, Apple etc.)...

The most common type of malicious email you are likely to receive will look like it's from a large trusted organisation. These types of emails will likely be phishing scams.

This email is designed to look like it's been sent from Apple; here we can see by the email address that it's spam. In this case we can also see that the cancel / refund link doesn't point to the Apple website. You can see the link address without clicking on it by hovering the mouse cursor over the link.

[Image: apple scam phishing email example]

Phishing scams are where the hacker is trying to find a way to determine your most commonly used username & password. With this information the hacker can then attempt to access other accounts that belong to you; if someone was able to access your Amazon account, for example, they could then go ahead and start to determine your credit or debit card details.

The example below looks exactly like the normal Google login, but you can identify it as a phishing login page by looking at the URL and noticing that it is not google.com or google.co.uk; the URL is totally random.

[Image: google docs phishing login]

Prevention ↣ most phishing scam emails are pretty easy to identify. You'll find that the sender email address is not from the company that the email is supposed to be from.

You can also identify a malicious link by hovering your mouse cursor over the link to display the link URL, which again WON'T point to the correct URL of the supposed sending organisation.

Take a look at this example below from "Amazon": if I hover the mouse cursor over the manage/cancel subscription link we can see that the link doesn't point to amazon.co.uk or amazon.com. Also notice that, like many of the other examples, the sender email address isn't amazon.co.uk but rather amzn.co.uk.

[Image: amazon phishing scam email example]

Threatening extortion scam emails...

So far this year we have noticed a rise in malicious emails whereby the receiver is actually being threatened.

These types of emails are sent out to scare users and extort money from them; the sender will demand that the money be sent to them in bitcoin within a number of hours. If the demand isn't met, the sender claims, embarrassing data about the receiver will be released.

No matter how real these threats might sound, these scam emails can safely be ignored and deleted. The threat will likely be something like "your webcam has been recorded and we will release the recording".

The innocent setup email scam...

Until very recently we had never had a report of this happening. The first email from the scammer will be something totally innocent, probably a genuine-looking new business enquiry. This first email won't contain any malicious links or content.

After you have replied to the very genuine-looking enquiry you receive a second email from the same sender, but this time there is a link within the email.

The idea here, obviously, is that the scammer is trying to build some trust with you before sending what will be either a malware link or a phishing link.

Something from an old friend or well-known sender...

Sometimes genuine accounts get hacked and taken over by spammers; we've probably all received a random message from a friend's hacked account.

In these cases the scammers will use the hacked accounts to spam everyone in the contact list, most likely friends and family. If you receive an email from a friend or family member that you think doesn't look right you should contact them and advise them to change their password.

This also happens regularly on Skype; if you're a Skype user you should always treat shortened links as suspicious (e.g. bit.ly/2vqhFXm).
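As an added example (not from the article or GoRazy.com), the following Python script automates the manual checks described in the zip-attachment, trusted-organisation and shortened-link sections above: it compares the sender's domain and every link host in a raw email against the brand the email claims to come from, and flags .zip attachments and URL shorteners. The sample message, the brand domain and the shortener list are constructed for the demonstration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the article's "Amazon" example (lookalike sender, off-brand link, shortened link, .zip).
SAMPLE_EML = """\
From: Amazon Billing <no-reply@amzn.co.uk>
Subject: Your subscription will be cancelled
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p><a href="https://amzn-billing.example.net/manage">Manage subscription</a></p>
<p><a href="http://bit.ly/xxxxxxx">Cancel</a></p>
--b1
Content-Type: application/zip; name="invoice.zip"

UEsDBAo=
--b1--
"""
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # constructed list, extend as needed

def same_org(host, brand):
    """True only if host is the brand domain itself or a subdomain of it."""
    return host == brand or host.endswith("." + brand)

def triage(raw, brand):
    """Run the article's manual checks over a raw message; return warnings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # 1. Sender domain: the display name can say "Amazon", the address cannot.
    sender = msg["from"].addresses[0].domain.lower()
    if not same_org(sender, brand):
        findings.append(f"sender domain {sender} is not {brand}")
    for part in msg.walk():
        # 2. Any .zip attachment is flagged, as the article advises.
        fname = part.get_filename()
        if fname and fname.lower().endswith(".zip"):
            findings.append(f"zip attachment {fname}")
        # 3. Link hosts: the automated equivalent of hovering over each link.
        if part.get_content_type() == "text/html":
            for url in re.findall(r'href="([^"]+)"', part.get_content()):
                host = (urlparse(url).hostname or "").lower()
                if host in SHORTENERS:
                    findings.append(f"shortened link {url}")
                elif not same_org(host, brand):
                    findings.append(f"link host {host} is not {brand}")
    return findings
```

An empty result only means none of these particular checks fired; it is not proof that the email is safe.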

What should I do if I click on a malicious email link?

If you suspect you've clicked on a malicious email link, turn off your PC in the quickest way possible; this might even mean quickly pulling out the power cable.

Call your IT support company and assess what type of link you have clicked on.

If you clicked on a phishing link that asked you to sign into a page but DIDN'T sign in, you can safely continue as normal. (Run Malwarebytes just to be safe.)

If you clicked on a phishing link and DID attempt to sign in to the fake website you should immediately reset all your passwords (banking, online shopping, email accounts, 365) and anything else you can think of. Run Malwarebytes once you've finished resetting all your passwords.

If you think you have clicked on a malicious link or attachment such as a .zip you should turn off your PC as quickly as possible. Once the PC is off, call your IT support company and have them reformat the PC and start it from new.

If you have clicked on a malicious link or a .zip attachment you will likely lose data stored on the PC or laptop hard drive. The quicker you turn off the PC, the more data can be saved.

Well known malicious email examples:

PayPal ↣ Looking at this PayPal phishing email we can hover the mouse cursor over the cancel payment link to reveal that the link does not point to paypal.com.

This type of link would likely direct you to a PayPal lookalike page, and if you attempted to sign in your PayPal login details would be stolen.

[Image: paypal phishing email example]

Apple iTunes ↣ Again, with this Apple receipt example, simply by hovering the cursor over the link we can identify that it does not point to apple.com.

[Image: apple itunes phishing email example]

Microsoft Office 365 ↣ In this example we can easily see that the sender address is not from microsoft.com. Hovering the cursor over the enable more storage link reveals that the link does not point to microsoft.com.

[Image: office 365 phishing email example]

HMRC ↣ Fake HMRC scam emails have been going around for many years now but people are still often tricked by them. This link is disguised to look like a PDF attachment but again you can see it points to a very random URL. HMRC spam emails like this would most likely deliver ransomware if the link was clicked, so they should be quickly deleted and ignored.

[Image: hmrc ransomware email example]

Penalty Charge Notice ↣ We started to see fake parking fine notice spam a couple of years ago; again this link would likely lead to nasty ransomware. Most of us have had a parking fine at some stage so we know they get stuck to the window and don't come through on email!

[Image: PCN phishing email example]


GoRazy.com Open Internet Promise...

We believe in a totally free and open internet where you can find what you're looking for, find great advice and helpful articles without being tracked or monitored in any way by the websites you visit.

That's why when you visit the GoRazy.com Blog or IT Support we guarantee that you are not tracked in any way; we won't even serve pointless ads or clickbait at the end of our articles.

So if you like the sound of an open internet that doesn't track you or serve up junk advertising, share this and let's make the internet a better place!