Unmasking Suspicious Emails: Identification and Response

June 22, 2023 | By: CRE Insight Journal

Email is the primary means of communication for many properties, tenants, and owners, both personally and professionally. This convenience is coupled with a rise in malicious actors attempting to deceive and exploit individuals through phishing and scam emails. Recognizing suspicious emails and knowing how to respond is crucial in safeguarding your personal information and protecting yourself from cyber threats.

This article provides insight on identifying suspicious emails and outlines ten steps to take when evaluating suspicious emails. Always make sure to follow the advice and guidance of cybersecurity professionals and your Information Technology (IT) providers.

Analyze the Sender’s Email Address

Closely inspecting the sender’s email address can often be your first line of defense against cybercriminals. Many malicious emails impersonate reputable individuals or organizations in attempts to gain access to secure systems. Always check whether the domain aligns with the official domain of the purported sender. Be wary of email addresses that show slight deviations, typos, or abnormal sequences of numbers and letters. An email from JDoe@CREcompany.com is quite different from CREcompany@hmail.com or info@CREcompany1.biz. Respectable entities typically use professional email addresses rather than free email providers for their official communications.

Check the Email Subject Line and Content

The subject line and content of an email are prime areas where red flags might arise, and this is often one of the first clues in detecting a malicious email. Be wary of subject lines that instill urgency, employ over-the-top punctuation, or include grammatical mistakes. It’s a common tactic used by bad actors to rush you into making hasty decisions.

Subject lines like “Immediate Action Required!!” and “Your Account Will Be Closed!!!!” should raise eyebrows. When checking the content, look for poor grammar, spelling errors, or inconsistent writing styles, all of which suggest a fraudulent email. Be particularly cautious of requests for personal or financial information, especially if they originate from unfamiliar or untrusted sources.

Be Vigilant with Attachments and Links

Attachments and embedded links are common tools used by cybercriminals to distribute malware or lead you to harmful websites. This is why it is critical to approach unsolicited attachments and links with caution. An email claiming an attachment or link is an invoice or a link that promises incredible discounts could be dangerous if not expected.

Refrain from clicking on links in emails unless you can confirm their validity. You can do this by hovering your mouse cursor over a link (without clicking) to disclose the actual URL. If the URL appears different from what you anticipated or is a shortened URL, this could be a malicious attempt to mislead you.

Verify the Message’s Tone and Context

Cybercriminals often resort to psychological manipulation, using social engineering tactics to trick victims. That’s why it’s essential to consider the tone and context of the email. Alarm should be raised by emails that incite fear, urgency, or a sense of opportunity. For example, an email claiming that your bank account has been compromised and urges immediate action can be a scare tactic to manipulate you. Similarly, an email offering an unanticipated, lucrative business opportunity can be a ruse to entice victims.

Scammers often pose as authority figures, banks, or trusted service providers to trick you into sharing sensitive information. On occasion, scammers will even claim your account is already compromised and will send a “secure link” that they will instruct you to click. Do not click any unknown links or open unknow attachments. Always trust your instincts and maintain skepticism if something appears too beneficial to be real or triggers suspicion.

Examine for Personalization and Phishing Clues

Authentic emails from reliable sources usually contain personal details that establish credibility, reinforcing the significance of this guideline. If an email lacks personalized greetings, uses generic terms like “Dear customer,” or refers to you by your email address instead of your name, caution is advised.

For example, if your financial institution or vendor partners usually address you by your name (or even a nickname) in emails, a sudden “Dear customer” should be a red flag. Be on high alert for email requests asking for login credentials, credit card details, or sensitive data. Remember, legitimate organizations typically do not solicit such information through email.

Here are ten tips to help you evaluate emails and social engineering attacks:

  1. Do Not Click on Links or Download Attachments, avoid interacting with suspicious links or downloading attachments that you are uncertain about. Keep an eye on what kind of file is sent, if the email references a document (such as .pdf or .doc files) but has an executable file (.exe) or webpage file (.html) as an attachment, it may contain malware that can compromise your device personal information, and property.
  2. Never Share Sensitive Information, refrain from providing personal, financial, or login information through email, especially if the request seems suspicious or comes from an unknown source.
  3. Report the Email. Most email services provide options to report phishing or suspicious emails. Use the reporting feature to alert the email provider and help protect other users from falling victim to similar scams.
  4. Delete the Email. If you have identified an email as suspicious, delete it immediately from your inbox and trash folders to prevent accidental interaction or opening in the future.
  5. Stay Informed about the latest phishing techniques and email scams. Follow reputable cybersecurity blogs, newsletters, and news sources to stay updated on evolving threats. CRE Insight Journal has a growing set of resources related to cybersecurity that are useful as well. Share your knowledge with friends, family, and colleagues to raise awareness about email security and the importance of vigilance.
  6. Enable Spam Filters and Email Security Features provided by your email service provider or install reputable security software that can identify and block suspicious emails before they reach your inbox. These tools can help reduce the likelihood of falling victim to phishing attacks.
  7. Be Skeptical of unsolicited emails asking for personal or financial information, even if they appear to come from trusted sources. Legitimate organizations typically do not request sensitive information via email. When in doubt, contact the organization directly through their official website or customer support channels to verify the authenticity of the request.
  8. Check the Sender. Sometimes email accounts are compromised by bad actors, if you receive an email from a colleague’s correct email address that seems off (such as requesting you to download a file or send money to an account) it may be helpful to call them directly to ask about the email or inform them that their email is compromised.
  9. Enable Sender Verification in your email client to help you identify whether the email originates from the claimed source. Verify the email headers and ensure that the sending domain matches the purported organization.
  10. Trust Your Instincts when something feels off or suspicious about an email. If you have doubts about the authenticity of an email, it is better to err on the side of caution and refrain from interacting with it.

Being able to identify suspicious emails and knowing how to respond to them is essential in protecting yourself and your property from potential cyber threats. By analyzing sender information, scrutinizing email content, exercising caution with attachments and links, and verifying the context and tone of the message, you can increase your ability to recognize fraudulent emails. By adopting a skeptical and security-conscious mindset, you can navigate your email inbox with greater confidence and mitigate the risk of falling victim to malicious email scams.

To stay up to date on news and resources such as this and other topics of importance to the real estate industry, subscribe to the free CRE Insight Journal Newsletter using this link.