How can socially-engineered emails be identified?

While socially-engineered emails can be highly sophisticated, there are ways to differentiate them from legitimate emails. Consider the following questions when you next read your emails:

  1. Do you really know who is sending you the email?
    1. Do you recognise the sender and their email address?
    2. Is the tone consistent with what you would expect from the sender?
    3. Is the sender asking you to open an attachment or access a website?
  2. Are you expecting an email from them? Socially-engineered emails can be crafted to appear to come from a relevant and trustworthy source, including from within your organisation. Many use content relating to current events in order to deceptively gain your trust.
  3. Is the content of the email relevant to your work? Malicious cyber actors may use fraudulent emails which relate to your area of interest.
  4. Does the email ask you to access a website or open an attachment? This technique is commonly used to run malicious code on a victim’s computer, which could compromise agency data. You should always type the web address into your browser instead of clicking a link, and avoid clicking on any link that has been shortened, as you have no way of verifying the actual address. Exercise judgment and be cautious when opening attachments or accessing websites.
  5. Is the web address relevant to the content of the email? Always place your mouse over the link and check that the web address is consistent with the link. For example, an email purportedly from a financial institution that contains a link to a pharmaceutical website may be malicious, as the two are unrelated enterprises. Clicking the link could redirect you to a malicious website.
  6. Is the email from a personal email address? If it seems unusual to receive an email from a work colleague or superior from a personal email address, the email could be malicious. Call the sender to verify the legitimacy of the email before opening any attachments or clicking on any links.
  7. Is the email suspiciously written? Incorrect spelling and capitalisation, abnormal tone and language, or the absence of a specific addressee can indicate that an email is not legitimate.
  8. Have you received the same email twice? This could be a sign that malicious cyber actors are seeking to increase the likelihood that you will open their email and action their request.
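The mechanical parts of this checklist (sender address versus display name, personal mail domains, attachments, shortened links, and link text that points somewhere other than where the link goes) can be applied automatically to a message before it reaches a reader. The following is an added example and not ASD code; the domain names, the shortener and personal-mail lists, and the sample message are constructed for illustration, and the anchor regex is only meant for the simple HTML in that sample.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

# Sample lists (assumptions for this example, not an authoritative set).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
PERSONAL = {"gmail.com", "outlook.com", "yahoo.com"}
ANCHOR = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.S | re.I)

def host(value):
    """Host part of a URL, or of bare link text such as 'www.agency.example/pay'."""
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()

def check_message(raw, org_domain):
    """Apply the checklist above to one RFC 5322 message; returns reasons to distrust it."""
    msg = message_from_string(raw, policy=default)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if org_domain in name.lower() and sender_domain != org_domain:  # item 1: who really sent it?
        findings.append("display name implies %s but address is %s" % (org_domain, addr))
    if sender_domain in PERSONAL:  # item 6: colleague writing from a personal address
        findings.append("sent from personal address " + addr)
    for part in msg.iter_attachments():  # item 4: asks you to open an attachment
        findings.append("asks you to open attachment " + (part.get_filename() or "(unnamed)"))
    html = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR.findall(html.get_content() if html else ""):
        text = re.sub(r"<[^>]+>", "", text).strip()
        if host(href) in SHORTENERS:  # item 4: shortened link, destination cannot be verified
            findings.append("shortened link %s hides its destination" % href)
        elif "." in text and host(text).removeprefix("www.") != host(href).removeprefix("www."):
            findings.append("link shows %s but goes to %s" % (text, host(href)))  # item 5
    return findings

def sample_message():
    """Constructed phishing-style message (not a real one) exercising several checklist items."""
    m = EmailMessage()
    m["From"] = '"Payroll agency.example" <payroll.agency@gmail.com>'
    m.set_content("Your payslip is attached; confirm at the link.")
    m.add_alternative('<p>Confirm at <a href="http://bit.ly/a1b2">agency.example</a> or '
                      '<a href="http://pharma.example/login">www.agency.example/pay</a>.</p>',
                      subtype="html")
    m.add_attachment(b"not a real archive", maintype="application",
                     subtype="zip", filename="payslip.zip")
    return m.as_string()
```

Running `check_message(sample_message(), "agency.example")` reports five findings, one for each checklist item the sample violates; a plain message from an address within the organisation reports none.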

Source of information: Australian Signals Directorate
