Email is the primary means of communication for many properties, tenants, and owners, both personally and professionally. This convenience is coupled with a rise in malicious actors attempting to deceive and exploit individuals through phishing and scam emails. Recognizing suspicious emails and knowing how to respond is crucial in safeguarding your personal information and protecting yourself from cyber threats.
This article provides insight on identifying suspicious emails and outlines ten steps to take when evaluating suspicious emails. Always make sure to follow the advice and guidance of cybersecurity professionals and your Information Technology (IT) providers.
Closely inspecting the sender’s email address can often be your first line of defense against cybercriminals. Many malicious emails impersonate reputable individuals or organizations in attempts to gain access to secure systems. Always check whether the domain aligns with the official domain of the purported sender. Be wary of email addresses that show slight deviations, typos, or abnormal sequences of numbers and letters. An email from JDoe@CREcompany.com is quite different from CREcompany@hmail.com or info@CREcompany1.biz. Respectable entities typically use professional email addresses rather than free email providers for their official communications.
The subject line and content of an email are prime areas where red flags might arise, and this is often one of the first clues in detecting a malicious email. Be wary of subject lines that instill urgency, employ over-the-top punctuation, or include grammatical mistakes. It’s a common tactic used by bad actors to rush you into making hasty decisions.
Subject lines like “Immediate Action Required!!” and “Your Account Will Be Closed!!!!” should raise eyebrows. When checking the content, look for poor grammar, spelling errors, or inconsistent writing styles, all of which suggest a fraudulent email. Be particularly cautious of requests for personal or financial information, especially if they originate from unfamiliar or untrusted sources.
Attachments and embedded links are common tools used by cybercriminals to distribute malware or lead you to harmful websites. This is why it is critical to approach unsolicited attachments and links with caution. An email claiming an attachment or link is an invoice or a link that promises incredible discounts could be dangerous if not expected.
Refrain from clicking on links in emails unless you can confirm their validity. You can do this by hovering your mouse cursor over a link (without clicking) to disclose the actual URL. If the URL appears different from what you anticipated or is a shortened URL, this could be a malicious attempt to mislead you.
Cybercriminals often resort to psychological manipulation, using social engineering tactics to trick victims. That’s why it’s essential to consider the tone and context of the email. Alarm should be raised by emails that incite fear, urgency, or a sense of opportunity. For example, an email claiming that your bank account has been compromised and urges immediate action can be a scare tactic to manipulate you. Similarly, an email offering an unanticipated, lucrative business opportunity can be a ruse to entice victims.
Scammers often pose as authority figures, banks, or trusted service providers to trick you into sharing sensitive information. On occasion, scammers will even claim your account is already compromised and will send a “secure link” that they will instruct you to click. Do not click any unknown links or open unknow attachments. Always trust your instincts and maintain skepticism if something appears too beneficial to be real or triggers suspicion.
Authentic emails from reliable sources usually contain personal details that establish credibility, reinforcing the significance of this guideline. If an email lacks personalized greetings, uses generic terms like “Dear customer,” or refers to you by your email address instead of your name, caution is advised.
For example, if your financial institution or vendor partners usually address you by your name (or even a nickname) in emails, a sudden “Dear customer” should be a red flag. Be on high alert for email requests asking for login credentials, credit card details, or sensitive data. Remember, legitimate organizations typically do not solicit such information through email.
Here are ten tips to help you evaluate emails and social engineering attacks:
Being able to identify suspicious emails and knowing how to respond to them is essential in protecting yourself and your property from potential cyber threats. By analyzing sender information, scrutinizing email content, exercising caution with attachments and links, and verifying the context and tone of the message, you can increase your ability to recognize fraudulent emails. By adopting a skeptical and security-conscious mindset, you can navigate your email inbox with greater confidence and mitigate the risk of falling victim to malicious email scams.
To stay up to date on news and resources such as this and other topics of importance to the real estate industry, subscribe to the free CRE Insight Journal Newsletter using this link.