Don’t click that odd link – it could be malware.
It’s a scene that unfolds in email inboxes every day: A somewhat familiar-looking email comes in, with generic but plausible information. It could be legitimate, but more than likely it has some malicious intent.
Scammers will send emails with any messaging they think you might find interesting. But, if you click on the link, it gives the cybercriminals access to files on your computer, email address books, and personal financial information.
For businesses, these attacks can lead to significant data breaches of customer information or employee data and cost billions of dollars each year.
Your email system, or device, may have a malware defense, but a malicious message is bound to get through to your inbox at some point.
To stay safe, here are a few tips to help you recognize the most common forms of malware:
Sender’s email address
If the email is coming from an address that’s unfamiliar to you or appears odd and unexpected, it’s probably malware. The malicious email may claim to be from within your own company, or even an invoice from an online vendor. Double-check the actual sender’s email address before you click on a link.
HELPFUL HINT: You can click the FW button on the email in question and it will reveal the full email address, odds are it will not be legitimate and will not match the domain that was listed when it was sent to you.
Email subject or attachment contains username
The email may be malicious if it has your username in the subject line or as the attachment filename. The subject field may even be blank as well. Compare this to a typical email with subject lines that focus on a topic and rarely mention usernames.
Enticing or odd attachments
Malware scammers will encourage you to open up any attachments or click on links. Be wary. Attachments can still be harmful even if you have antivirus software on your computer or device. For example, if the email claims there’s a problem with your order or delivery, and they encourage you to open the attachment or click on a link to find out instead of just listing the details in the body of the email, it could be malware.
Does the attachment look odd? If the email attachment has an unexpected file extension (.doc, .zip, .xls, .js, .pdf, .ace, .ari, .scr, .exe, .com, .bat) that doesn’t make sense to you, then treat it suspiciously. For example, if the email encourages you to fill out a form, but the attachment is listed as an “.exe” it’s more than likely malicious.
Be wary of emails requesting you to confirm, check, review or provide your personal information via an attachment. The attachment may be malware. Verify the source first before downloading the attachment.
Warning, threat or urgency
Malware scammers often try to scare or worry you by describing an urgent problem that needs your attention. They may encourage you to open up an attachment to solve that problem. Think twice before opening requests like this and check the source. These emails, at times, appear as a reply following up on a conversation.
Undisclosed or unlisted recipients
Be very cautious of any email that appears as if it has additional recipients, but the recipient addresses are unlisted or undisclosed.
Most legitimate email messages are written in HTML or Rich Text with a mixture of text and images. Malware emails rarely include images and generally have plain text formatting. Plus, take a look at the greeting, if it’s a generic phrase like “Dear Customer,” it may be a scam.
Oh no, I clicked that link
What happens if you’ve already opened the attachment? If the empty attachment or link takes you somewhere unexpected, contact your organization’s IT support immediately. Support may be able to limit any malware damage and help resolve security threats.
You can report malicious email to the United States Computer Emergency Readiness Team, a department of Homeland Security, at https://www.us-cert.gov/report-phishing. Additional cybersecurity resources are available through Homeland Security’s “Stop. Think. Connect” campaign at https://www.dhs.gov/stopthinkconnect.
Microsoft provides additional information on understanding Malware at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/understanding-malware.