Email is very easy to forge – so easy that if you try to impress a hacker by claiming to have forged email, they’ll fall about the floor laughing. So you should not automatically trust email – there are usually indicators showing the origin is suspicious …
This example is a bit obvious and not only because it has a big warning added by Google :-
- Look at the email address (“Golan <firstname.lastname@example.org>”) – why does the email address not match the name? The name at the end of the email is “Ella Golan” which is included as a comment to the email address, but bears no relation to the actual email address (“email@example.com”). Now legitimate emails can have this signature, but it is a useful indicator.
- The email contents mention Israel, so why is a Brazilian email address being used? The .br at the end of the domain name is a country-based domain using the ISO 3166-1 two-letter country code.
- The subject (“Hey”) is informal to an extreme degree (as well as an example of a poor subject), yet the contents of the email are formal. Suspicious?
- The wording of the actual email itself is somewhat odd. Of course people don’t always write perfect English, but it is still a useful indicator.
The more dangerous emails tend to be ones that ask you to do something directly :-
Good Day Please do check attached document It is secure via Adobe file Awaiting to read from you Many thanks Andrew
Again the English is a little odd. But there are still some additional indicators here :-
- Is it usual for an attachment to be included? And without mentioning anything about what is inside?
- Secured by something written by Adobe? Well that is probably more a security insider’s joke. But do you commonly deal with attachments secured in this way?
- If it is supposedly from someone within your organisation, why are they not using your organisation’s method of sharing files?
The key thing to grasp is that email itself cannot be trusted, but emails not worthy of trust often give themselves away in little ways. Learn to pick up on those untrustworthy little ways, and mark each email with a trustworthiness score … and if it comes out as a bit suspicious, try contacting the sender to confirm they really did send it.
You can of course always ask a colleague to check the email as well.
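As an added illustration (not part of the original post), here is one way to turn three of the indicators above into a rough score: a display name unrelated to the address, an extremely informal subject, and an attachment the text barely explains. The sample message is constructed, and the thresholds and the `score_email` name are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); names and domains are placeholders.
SAMPLE = """\
From: "Ella Golan" <accounts@billing.example>
To: you@corp.example
Subject: Hey
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Good Day Please do check attached document It is secure via Adobe file
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="document.pdf"

placeholder
--b1--
"""

CASUAL_SUBJECTS = {"", "hey", "hi", "hello"}  # assumption: tune to your own mail
MIN_BODY_WORDS = 25  # assumption: shorter bodies cannot explain an attachment

def score_email(raw):
    """Return (score, reasons); a higher score means less trustworthy."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    # Indicator: no word of the display name appears in the address.
    words = [w for w in re.findall(r"[a-z]+", name.lower()) if len(w) > 2]
    if words and not any(w in addr.lower() for w in words):
        reasons.append("display name does not match address")
    # Indicator: extremely informal subject line.
    if (msg.get("Subject") or "").strip().lower() in CASUAL_SUBJECTS:
        reasons.append("very informal subject")
    # Indicator: attachment present but the text barely says anything about it.
    parts = list(msg.walk())
    body = " ".join(p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain" and not p.get_filename())
    files = [p.get_filename() for p in parts if p.get_filename()]
    if files and len(body.split()) < MIN_BODY_WORDS:
        reasons.append("unexplained attachment: " + ", ".join(files))
    return len(reasons), reasons

if __name__ == "__main__":
    print(score_email(SAMPLE))
```

A non-zero score is a prompt to confirm with the sender, not a verdict; legitimate mail can trip any one of these checks.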