
Tarsus SecureData

Identifying Malicious Email


Ransomware is taking hold of South Africa and wreaking havoc with users' devices, data, time and wallets (for more information, see Ransomware). It is becoming ever more important to think twice before clicking on anything, whether in an email or while browsing the internet.

User awareness is an absolutely crucial starting point for fending off unwanted and costly cyber-attacks. Nowadays a great deal of trust is placed in the technology protecting us, and it does defend you, but only up to a point. It is becoming increasingly difficult for your antivirus system to keep up: it needs to know about 24000 variants every minute to keep you safe, and it cannot know every variant instantly, which is where the zero-day attack comes from. This is especially true for the unsuspecting user, when hidden links and seemingly safe attachments pack a nasty bite.

Email in particular is often a hiding place, as most endpoint protection and email spam solutions cannot read what is inside your email. Following the guidelines below before you open any email from a new or unknown source will help you identify what needs to be deleted or escalated to your IT support.

Confirm the email address

The first step in identifying whether an email is legitimate is simply to check the address it was sent from. This tells you whether the email comes from a recognisable domain that is linked to the actual sender's name. For example, if an email is received from the domain name “”, that domain has to be confirmed, as it indicates whether the email was really sent by “company”.

Always verify any hyperlinks or URLs. Malicious emails will always try to get the recipient to open a URL in the email. Make sure the link is legitimate and uses encryption (https://). Do not follow any link in an email without first verifying that the URL is legitimate: hover your mouse over the link and confirm the address it actually points to.

Incorrect grammar or spelling

A common practice of many hackers is to use misspelled words on purpose. While it may seem that this would easily give away an illegitimate email, it is actually a tactic for finding less savvy users. Spammers have learned that if they get a response to a poorly written email, they are on to an easy target and will focus their efforts on that user.

Plain text and absence of logos

Most legitimate messages are written in HTML and are a mix of text and images. A poorly constructed phishing email may show an absence of images, including the company's logo. If the email is all plain text and looks different from what you are used to seeing from that sender, contact your IT service provider for assistance or delete the email.

Message body is an image

This is a common practice of many spammers. Hover over the images in the email and view the URL before clicking on the image. Do not click on any image in an email before verifying the URL behind it.

Request for personal information

One tactic commonly used by hackers is to alert you that you must provide and/or update personal information about an account (e.g. ID number, bank account details, account password). Phishers use this tactic to create urgency so that someone clicks on a malicious URL or downloads an attachment, aiming to infect the user's computer or steal their information.

Suspicious attachments

The majority of financial institutions and retailers will not send out attachments via email. High-risk attachment file types include: .EXE, .SCR, .COM, .BAT, .LS, .PDF, .DOC, .DOCX, .HW, .LZH, .RAR and .ZIP. Staff members should know to look out for any suspicious email, including those from unfamiliar senders. If an individual does open a message of this kind, they should take care not to open any attached documents or links contained in the email, as these likely contain malware.

Urgent or too good to be true

If an email seems too good to be true, it most likely is. Be cautious with any message offering to place money into your bank account if you simply “click here”. Likewise, if the content creates any kind of urgency, such as “you must click into your account now”, it is most likely a scam and should be marked as “junk”.

Email reputation

As the first line of defence, email reputation services help stop spam before it can flood your network, overload your email gateway security and burden your system resources. To check the reputation of an email you have received, look up the sending IP address with the Trend Micro Email Reputation service.

To view the IP address of the email received, follow the steps below. If necessary, request assistance from your IT service provider:

1. Start Microsoft Outlook.

2. Double-click the message to open it in its own window.

3. Click File -> Properties.

4. Under Delivery options, the Internet headers box shows the mail header information, including the sending IP address.

NB! You will not be able to find the real IP address if the sender uses an anonymous proxy server, which is often in itself an indication that the email is from a dodgy source. If you are not sure, contact your IT support.
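The checks in the list above (sender domain versus display name, hovering over links, high-risk attachment types) and the header procedure just described can be applied mechanically to a raw message. The script below is an added example, not code from the original article or from SecureData; it uses only the Python standard library and runs against a constructed sample message (not a real email; the hosts and IP addresses are reserved documentation ranges). It reports whether the display name relates to the sending domain, which links are not https or whose visible text names a different host than the real target, which attachments have an extension from the article's high-risk list, and the IP address of each relay taken from the Received headers, with the originating hop first.

```python
import os
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real email; hosts and IPs are reserved example
# ranges). It trips several of the article's checks: a display name that has
# nothing to do with the sending domain, a plain-http link whose visible text
# points at a different host, and a .scr attachment.
SAMPLE_RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Mon, 1 Jan 2018 10:00:00 +0200
Received: from [198.51.100.23] (unknown [198.51.100.23])
\tby mx.example.net with SMTP; Mon, 1 Jan 2018 09:59:50 +0200
From: "Acme Bank" <alerts@mail-update.example.com>
Subject: Urgent: confirm your account now
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>Click <a href="http://198.51.100.23/login">https://acmebank.example/login</a></p>
--B1
Content-Type: application/octet-stream; name="statement.scr"
Content-Disposition: attachment; filename="statement.scr"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--B1--
"""

# Attachment types the article lists as high risk (the bare "LZH" given a dot).
HIGH_RISK_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".ls", ".pdf", ".doc",
                        ".docx", ".hw", ".lzh", ".rar", ".zip"}
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Simple anchor matcher for the demo; use a real HTML parser on production mail.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def _host(url):
    return (urlparse(url).hostname or "").lower()


def check_sender(msg):
    # Does any word of the display name appear in the sending domain?
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    words = [w for w in re.findall(r"[a-z0-9]+", name.lower()) if len(w) > 2]
    return {"display_name": name, "domain": domain,
            "name_matches_domain": any(w in domain for w in words)}


def check_links(msg):
    # Flag links that are not https or whose visible text names another host
    # (the mismatch a mouse hover would reveal).
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        for href, text in ANCHOR_RE.findall(html):
            reasons = []
            if urlparse(href).scheme != "https":
                reasons.append("not https")
            if text.lower().startswith(("http://", "https://")) and _host(text) != _host(href):
                reasons.append("visible text points to a different host")
            findings.append({"href": href, "text": text.strip(), "reasons": reasons})
    return findings


def check_attachments(msg):
    return [{"filename": p.get_filename(),
             "high_risk": os.path.splitext(p.get_filename())[1].lower() in HIGH_RISK_EXTENSIONS}
            for p in msg.walk() if p.get_filename()]


def received_hops(msg):
    # Each relay prepends its own Received line, so the bottom-most one is
    # nearest the origin; return the first IP of each hop in transit order.
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        ips = IP_RE.findall(header)
        hops.append(ips[0] if ips else None)
    return hops


def analyse(raw):
    msg = message_from_string(raw)
    return {"sender": check_sender(msg), "links": check_links(msg),
            "attachments": check_attachments(msg), "hops": received_hops(msg)}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_RAW).items():
        print(key, value)
```

Paste the raw source of a message (File -> Properties -> Internet headers in Outlook, plus the body) into SAMPLE_RAW to run it against your own mail. The first entry in "hops" is the address to look up with a reputation service; as the note above says, it is only as trustworthy as the relay that recorded it, and a sender behind an anonymous proxy will not show a meaningful origin.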


Author: Sean Kilian

Service Delivery Manager for Professional Security Services @ SecureData Africa
