Identifying malicious email

12/02/2014 Daniel

We get asked a lot lately how to properly identify malicious email (aka phishing attacks) – here are 2 ways to go about identifying them…

The easy way…

…read the email carefully, there are a couple of easily visible giveaways, e.g. the sender address (A) and, at the bottom, the Russian email address (B). Another telltale sign of maliciously crafted emails becomes visible once you hover over a link (i.e. without clicking): a flyout will appear and show you the referenced URL (C), which is clearly not an official link in this case.

The slightly more involved way…

… in Apple Mail, go to View > Message > View all Headers, which will show more details about where the email came from. Depending on your mail server / hosting setup this will show more or less detail; the important part is that there will be addresses and other information (D) that clearly mark this as an illegitimate email.

If you feel like doing the right thing, you can then forward this email (with the more detailed header info) to the purported sender (e.g. AmEx, Apple, etc.) by sending it to abuse@… (e.g. abuse@americanexpress.com or abuse@apple.com).