How to check Emails for legitimacy

Phishing is one of the most common methods of cybercrime, but despite how much we think we know about scam emails, people still frequently fall victim.

Here are a few things you can check if you are not sure whether an E-Mail is legitimate.

Sophisticated attacks have been seen: an E-Mail can look legitimate to you and still be fake.
If you are unsure, ask your company's power user or your IT department.

General Advice

  • Always check the "From" field first. If the name does not match the sender domain, or if the Email address looks strange or has nothing to do with the content of the Email, it is probably fake.
  • If you are not sure about an Email, always ask your IT department. They can help you identify fraudulent Emails.

Are the URLs Legitimate?

You can check whether a URL is legitimate by hovering your mouse over it and seeing where the link really points.

Proxmox Mail Gateway disables links in the Email preview, so there you need to rely on the other methods on this page to check legitimacy.

Does the sender claim to be affiliated with your company or your IT-provider?

If an E-Mail claims to be from your IT provider or your company and wants you to do something, always check back with a responsible employee you have had contact with before.

[Image: image-1608517530482.png]

Is the grammar and spelling of the E-Mail correct?

A widely used practice of many spammers and scammers is to misspell words on purpose. While it may seem like this would quickly reveal an illegitimate email, it is a tactic used to find users who are less technically able. Spammers have learned that if they get a response to a poorly written email, they are on to an easy target and will focus their efforts on that user. This method is also often an attempt to bypass word-based scanning. Many spammers are based in countries where English is not the main language.

[Image: image-1608517902745.png]

Is the only content of the E-Mail an image?

This is a common practice of spammers.

If you can drag the text and see a smaller version of the whole e-mail, it is an image.

[Image: image-1608518227063.png]

Does the E-Mail request personal information?

If the E-Mail requests that you log in somewhere, or that you fill out personal details and reply, that is often a tactic to get at your personal information.

[Image: image-1608519275801.png]

Does the E-Mail request that you open an attachment or click on a link?

Most often, these will be fake shipping confirmations or invoice documents with malicious files attached.

Is the text of the sender consistent with the E-Mail address?

[Image: image-1608518459019.png]

[Image: image-1608518494298.png]

Does the sender claim to be your boss? / Does the sender address look legitimate? / Does the sender want you to do something urgently?

If the sender claims to be your boss or somebody else and wants you to urgently do something that involves financial transactions, always check back with your boss by phone, especially if the request does not follow your processes or looks out of the ordinary.

Below you find an example of a phishing attempt.

[Image: image-1608518669363.png]

The employee did not check the first Email for legitimacy and replied that he was available. The scammer then replied (from a different address) with the request that the employee buy gift cards for customers. At that point the employee noticed that something was strange and informed his IT department.

[Image: image-1608518813640.png]
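The checks described on this page ("From" name versus sender domain, link text versus real link target, image-only bodies, and a reply address that differs from the sender, as in the gift-card example above) can also be run by a script over a raw message before it reaches a user. The following is an added example written for this page; it is not code from the page or from Proxmox Mail Gateway. It uses only the Python standard library. The sample message, the company domain TRUSTED_DOMAIN, and the list of internal-sounding role names ("IT", "Support", "Helpdesk", "Admin", "CEO") are assumptions made for the example, and the Reply-To comparison generalises the page's observation that the scammer's second mail came from a different address.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: your own company's mail domain; every other domain is "external".
TRUSTED_DOMAIN = "example.com"

# Constructed sample (not a real message): an "IT" display name on an external
# domain, a Reply-To elsewhere, and a link whose text hides its real target.
SAMPLE_EMAIL = """\
From: "IT Support" <helpdesk@secure-login-portal.example.net>
Reply-To: helpdesk@another-domain.example.org
To: employee@example.com
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Please sign in at
<a href="http://198.51.100.23/login">https://webmail.example.com</a></p>
</body></html>
"""

def domain_of(address):
    # lowercase part after '@', or '' when the string holds no address
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def host_of(value):
    # host name of a URL; bare "host/path" strings get a scheme first
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()

class BodyScanner(HTMLParser):
    """Collects (href, visible text) pairs, counts images and readable text."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text_chars = [], 0, 0
        self._href, self._text = None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href", ""), []
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        data = data.strip()
        self.text_chars += len(data)
        if self._href is not None and data:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text)))
            self._href = None

def check_sender(msg, trusted_domain=TRUSTED_DOMAIN):
    """From-field checks: name vs. real address, external role names, Reply-To drift."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = domain_of(addr)
    if not domain:
        return ["From: no parsable sender address"]
    findings = []
    claimed = re.search(r"@([\w.-]+)", name)  # e.g. "ceo@company.com" <x@elsewhere>
    if claimed and claimed.group(1).lower() != domain:
        findings.append(f"From: display name claims {claimed.group(1)} but address is at {domain}")
    external = domain != trusted_domain and not domain.endswith("." + trusted_domain)
    # Heuristic (assumption): an internal-sounding role name on an external domain
    if external and re.search(r"\b(it|support|helpdesk|admin|ceo)\b", name, re.I):
        findings.append(f"From: '{name}' sent from external domain {domain}")
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != domain:
        findings.append(f"Reply-To: answers would go to {reply_domain}, not {domain}")
    return findings

def check_links(scanner):
    """Link checks: visible host differs from the real host, or target is a bare IP."""
    findings = []
    for href, text in scanner.links:
        shown = host_of(text) if re.search(r"[\w-]+\.[a-z]{2,}", text, re.I) else ""
        real = host_of(href)
        if shown and shown != real:
            findings.append(f"Link: text shows {shown} but points to {real}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real):
            findings.append(f"Link: points to a bare IP address {real}")
    return findings

def check_body(scanner):
    """Image-only body: pictures present but no readable text at all."""
    return ["Body: only image(s), no readable text"] if scanner.images and not scanner.text_chars else []

def analyze(raw_message):
    """Return human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            html = payload.decode(part.get_content_charset() or "utf-8", "replace")
    scanner = BodyScanner()
    scanner.feed(html)
    return check_sender(msg) + check_links(scanner) + check_body(scanner)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("-", finding)
```

Run against the constructed sample, the script reports the external "IT Support" sender, the differing Reply-To domain, the link whose text shows webmail.example.com but points to a bare IP address, and nothing for the body. None of these findings proves a mail is fraudulent on its own; they are the same hints a user would gather by hand, collected in one place so that a suspicious message can be forwarded to the IT department with a concrete reason.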