LARM Member News

On the lookout for suspicious emails

I recently received an email that was proof that a growing number of hackers know that installing ransomware can be a lucrative pastime. Although clicking delete would have been a good choice, I thought I'd carefully scrutinize this particular email for tell-tale signs.

My first indication that it was an email from a hacker was its topic: a supposed bill that our risk management pool, LARM, needed to pay. Most malicious emails will require urgent action, so you're more apt to open them. No one wants to leave a bill unpaid, so most people probably aren't ready to delete an email like this without doing more research.

The next thing that made the email look suspicious was that it had an attachment. I know never to click on a link or attachment in an email when I am unsure of the sender. An email that includes an attachment should cause you to stop and scrutinize its content and sender.

Another step in identifying whether this was a legitimate email is to check whether the address in the "From" line is one that I know is accurate and familiar. I knew that you're supposed to hover your mouse over the email address, and if what comes up is different from what is shown as the email, you know it's from a hacker, and you can immediately delete it. This particular email was set up to look like it was from a well-known company, but that doesn't mean that it wasn't still from a hacker, so I continued to do some checking.

The physical address listed in the email's signature was one based locally, so I did a search on it, and Google showed that this particular address was matched to an empty office building. This mismatch was another clue a hacker somewhere was trying to set me up.

You should try to call the business's phone number associated with the email to see if the email did originate with that business. There were two phone numbers in the signature line of the suspicious email I had received, so I called them, and both were answered by a voicemail of someone who said I was to leave a message. This was also a red flag, as both numbers played the exact same message, stating they belonged to the same person whose name was listed on the email.

Although this person used the name of a large company and that company's logo in the email, the biggest clue that this was not a valid email for payment was the awkward wording used. A good giveaway that an email is not legitimate is if it is misspelled, has improper capitalization, or is grammatically incorrect. The wording on this email was "Please, Kindly find attached payment remittance that was sent today."

Another clear clue that this was a malicious email was that the link in the signature at the end of the email showed a different address when I hovered over it than what was displayed. It's possible I would be allowing someone else to activate software on my computer if I clicked on it.
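The "From" check and the hover check described above can also be run automatically on a saved message. The following Python script is an added example, not part of the original article; the sample message, its domains, and the names `check_message`, `LinkCollector` and `SHOWN_HOST` are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is made up.
SAMPLE = '''From: "billing@bigvendor.example" <j.doe@mailbox.invalid>
Content-Type: text/html; charset="utf-8"

<p><a href="http://pay.portal.invalid/login">www.bigvendor.example</a></p>
<p><a href="https://www.bigvendor.example/help">Help center</a></p>
'''
# Visible link text that looks like a URL or bare domain; group 1 is the host.
SHOWN_HOST = re.compile(
    r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?")

class LinkCollector(HTMLParser):  # collects (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Return a list of shown-versus-actual mismatches in one raw message."""
    msg, findings = message_from_string(raw), []
    shown, actual = parseaddr(msg.get("From", ""))
    if "@" in shown and shown.strip().lower() != actual.lower():
        findings.append(f"From shows {shown} but sender is {actual}")
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        parser = LinkCollector()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for text, href in parser.links:
            try:
                real = (urlparse(href).hostname or "").lower()
            except ValueError:  # malformed href: nothing to compare
                continue
            m = SHOWN_HOST.fullmatch(text.lower())
            if m and real and m.group(1) != real.removeprefix("www."):
                findings.append(f"Link shows {m.group(1)} but opens {real}")
    return findings
```

The host comparison ignores a leading `www.` and is otherwise exact, so a legitimate link routed through a separate tracking domain is reported as well and still needs a human look.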

A week after I got this email, I received another from the parent company saying that one of their employees' email accounts had been hacked and to disregard anything received from him. It happens.

I took more time identifying this email than I usually would. Hackers will depend on people not taking time to look over their emails carefully. It's worth the time and effort to check out suspicious emails rather than spend hours and thousands of dollars trying to correct your mistake.