By David Tucker, Published Monday, 11th January 2021
Scammers have become increasingly competent over the years, which has made spotting malicious emails more difficult. Whilst it is still the case that the grammar and general sentence structure tend to be poor, this has reduced as foreign attackers have got more proficient and translation tools have improved.
Often spammers will use reformatted genuine emails from major companies like Microsoft or Paypal, which makes them look very professional and even more difficult to spot. Luckily, there is one very easy way to tell if the email is genuine, and that would be via the weblinks contained therein.
The main aim of spam emails is to redirect you to a dodgy website. When you visit the site it will either run some code to install malware on to your machine, or it will present a login screen which hoovers up your credentials after you've logged in. In order to do this the hyperlinks need to look genuine (which is quite easy to achieve), but ultimately the code behind the link cannot be hidden, and this is how we can spot spam. Let's look at some Paypal examples:
Genuine Link: https://www.paypal.com/
Genuine Link: Please click here to go to Paypal
Dodgy Link: www.Paypal.com
Dodgy Link: Please click here to go to Paypal
The key to spotting the spam is to hover your mouse arrow over the link, which reveals its destination. The first genuine link above has text which matches the link destination, which is the simplest form of link. The next genuine link shows a more common text-based approach, still pointing to the Paypal site. The first dodgy link text shows the correct site we want to visit, but as you can see when you hover over it, the destination is Google. The second dodgy link is the trickiest to spot as it seems genuine at a glance, but as you can see there are 2 'p's in the address.
There are many other forms that links will take, but the key point is that when you hover over them they will always show you the true destination, irrespective of what the text says or the logo looks like.
Some businesses do have strange names and you will potentially get emails from people who you haven't dealt with before, so how do you know if their hyperlinks are genuine? In that case we can turn to free online link scanners like this one here: https://sitecheck.sucuri.net/
In order to use these, the first step is to copy the relevant link using your right-click menu. This allows you to get the link on to your clipboard without clicking on it. Then you can simply paste the link into the site above and decide on its validity by checking the results.
These are good practices to use with emails across all platforms, but when used in conjunction with an anti-spam software solution such as Mimecast or Microsoft Defender for Office 365 your security is increased further still, as these software packages often use machine learning and AI in conjunction with more traditional threat detection techniques.
Ultimately, if you aren't sure if something is malicious then it is probably best to delete it, or ask Datcom for help!
David Tucker is an Infrastructure Monitoring Engineer at Datcom. He has over 15 years of experience in managing and maintaining network infrastructure and systems.