Millions of malicious emails are sent every day. Many of these are trying to steal your personal details. Most of you are aware that criminals send messages that pretend to come from your bank to steal bank and other personal details, but a fair proportion of these target less obvious information such as your University or other email login. Email aimed at stealing such details is called “phishing”.
Loss of your username and password can have serious consequences. They can be used to read all your emails and gather personal details, see who your contacts are, and send email to them and others on your behalf. University credentials can be used to log in to any system you are registered on, giving criminals the ability to read, change or delete anything you have access to on any of these systems.
Other types of malicious email are sent with the aim of tricking you into running viruses and similar programs (malware) on your computer. Links in email can download these programs directly or go to web pages that can infect your computer, or the email can have a program hidden in an attachment that runs when you open it.
Malware can do all manner of things like spy on what you are typing or encrypt all your files and demand a ransom to let you access their contents again. The only limits are the imagination and creativity of the people who write the programs.
What does malicious email look like?
This is a difficult question to answer, because there are thousands of different campaigns, and new versions are being written every day.
Examples of phishing include email telling you that your WebMail Account is full and you must enter your password to unlock it, that there is an ‘Urgent Attachment’ and you must log into a webpage to receive it, or that your ‘Recent Transaction’ was successful and you must enter your bank details to confirm.
Examples of email carrying malware include attached invoices, speeding fines (Notice of Intended Prosecution), parking fines and notices about orders that will be charged to your credit card if you do not cancel.
What Types of Things Should you Look For?
Most of the messages have the following three general characteristics:
- The email looks like it is from a trustworthy source such as IT services, the Police, a bank or delivery company – this is so you will trust the email
- The email gives you a warning or threatens that something bad will happen if you take no action – this is designed to make you panic
- The email asks you to click on a link or open an attachment; the links lead to pages that ask for your username and password or download files – these actions will get your password stolen or infect your computer
The content is suspicious
This can be a difficult one because the criminal sending the email is trying to trick you. However, most malicious email can be spotted from the content alone. Sometimes things just don’t look right. A message will just look suspicious. If you feel something is wrong, it probably is.
The main things to consider are:
- Am I expecting this message?
- Would the sender really send such a message to me?
- Is the message really the type of communication that you would expect from the organisation it claims to come from?
Unfortunately, there is no simple set of rules that can be applied, so here are a few other characteristics.
- There are often grammatical errors, odd wording or technical errors in the messages.
- Links go to sites that have nothing to do with the organisation sending the email.
- Link shortening services are used to hide where links really go (e.g. bit.ly, tinyurl.com, ow.ly).
- The subject field does not really match the content.
If in doubt, seek advice from the IT Service Desk.
The email address is not consistent with the organisation sending it
In the case of IT Services, genuine email comes from an address ending in bham.ac.uk and not from addresses hosted elsewhere – for example email@example.com, IT@helpdesks.org, firstname.lastname@example.org or email@example.com.
Even if the address is correct, there is no guarantee that the email is genuine, as addresses can be forged and sometimes compromised accounts are used to send malicious email. However, if the address looks wrong in this way, you can be confident that the email is malicious.
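The sender-address and link checks described above can be run automatically as a first-pass filter. The following Python code is an added example, not code from this blog or from IT Services; the sample message, the function and class names and the example.net host are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "ow.ly"}  # the services named in the article
ORG_DOMAIN = "bham.ac.uk"  # domain the article gives for genuine IT Services mail

# Constructed sample message (not a real email); the sender is one of the article's examples.
SAMPLE = """\
From: IT Services <IT@helpdesks.org>
Subject: Your WebMail Account is full
Content-Type: text/html; charset="utf-8"

<p>Your mailbox is full. <a href="http://bit.ly/constructed">Unlock it</a> or use
<a href="http://webmail.example.net/login">the portal</a>.</p>
"""

class LinkHosts(HTMLParser):
    """Collect the host name of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def in_domain(host, domain):
    # Match on a label boundary so "notbham.ac.uk" does not pass as "bham.ac.uk".
    return host == domain or host.endswith("." + domain)

def check_message(raw, org_domain=ORG_DOMAIN):
    """Return a list of findings; an empty list does not prove the email is genuine."""
    msg = message_from_string(raw)
    findings = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(sender_host, org_domain):
        findings.append(f"sender domain '{sender_host}' is not under {org_domain}")
    links = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            links.feed(part.get_payload(decode=True).decode(charset, "replace"))
    for host in links.hosts:
        if host in SHORTENERS:
            findings.append(f"link uses shortener '{host}', destination hidden")
        elif not in_domain(host, org_domain):
            findings.append(f"link goes to '{host}', not {org_domain}")
    return findings
```

Calling `check_message(SAMPLE)` returns three findings: the sender domain, the shortened link and the link to an unrelated site.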
We do post examples of malicious email on this security blog highlighting suspicious characteristics. These can be found by looking at the “Examples of malicious email” category.