It is almost impossible to use email without considering the issue of spam. According to research, spam accounts for 45-73% of all emails received by one person. Not all spam is benign promotional emails. In fact, a significant number of these emails are malicious and a serious threat to businesses and employees. Malicious emails are designed to steal your money and personal information. They may also contain malware that can cripple your IT system.

In this article, we’ll outline ways to identify malicious emails and what steps to take if you do discover these emails in your Inbox.

Five tell-tale traits of malicious emails

1. The sender address isn’t correct

Check for any mismatch between a) the email address and the name of the sender b) the email domain name and the official domain name of the company. To see this, your email client needs to display both the sender’s name and their email address. (You may need to adjust your settings).

2. The sender doesn’t use the recipient’s name

Is your name correctly spelt out in the email and are you being addressed as you would expect from the sender? Does the email signature match how this sender would usually sign their emails to you? Legitimate emails will normally use your first name or full name and not generic greetings like “Dear customer”.

3. Embedded links have unusual URLs

Avoid clicking on embedded links immediately. Always hover over them first to check the URL. If the email is legitimate, the destination URL should match the link shown and the expected destination site. The URLs used in malicious emails are often slightly different from the official URLs of legitimate websites. For example, “” will be used instead of “”. Another thing to consider is whether a link shortening service has been used – legitimate emails usually don’t contain shortened links.

4. Errors in language, spelling and grammar

Read through the email and look for incorrect spelling and grammar. Does it seem like the email was translated from another language?

5. The content is bizarre or unbelievable

If an email seems too good to be true, it probably isn’t. Be wary of emails claiming that you are entitled to receive a large sum of money and is asking for your bank details. Another common email scam is one that promises you a great gain in return for a small investment.

Look closer…

Scammers are constantly getting better at creating emails that appear believable and trustworthy. It can be difficult to decipher malicious intent based on sender details and email content alone.

Each of the above “tell-tale traits” is a red flag by itself– even if the other traits aren’t present. And even if you don’t find any of these traits in an email there is still a possibility of it being malicious. To help give you more clarity you should also consider these additional factors:

1. Would the company normally do or say this?

Think about whether the email is what you’d expect from the company it appears to be sent from. For example, reputable banks will not send you unsolicited emails asking for your banking credentials and they will not request for your credit or debit card to be mailed to them. Likewise, Microsoft would not send you emails saying that you have a virus on your computer. There are certain messages that legitimate companies will not send via email. It’s worth taking the time to research and learn about the company’s communication policies. Scammers often pose as these legitimate companies to manipulate their targets into giving away valuable information.

2. There are file attachments

Malicious spam emails often include file attachments, that once opened, will infect your computer with malware. To stay protect you need to avoid opening any attachments that you were not expecting. This is especially important in cases where the attachment is from a company or individual you had no previous contact with. Even if the attachment is from someone you know, it‘s best to first check with the sender without replying directly to the email (i.e. use phone or another method). We also recommend scanning the file using antivirus software before you open it.

3. Check the call to action button

Some dangerous spam emails do not come with file attachments but instead, they contain call-to-action buttons. They trick you into clicking the button which then downloads malicious software onto your computer. You can examine the call-to-action button as you would an embedded link – by hovering over it. If you’re not sure whether the URL is legitimate, it’s best to delete the email.

4. The email is phishing for information

Phishing emails are a common type of malicious spam in which the sender poses as a trustworthy person or organisation and asks you to provide sensitive information such as passwords and banking credentials. Always avoid giving out any personal details via email and make sure to verify the person requesting this information is who they say they are.

What to do with a suspected malicious email

When dealing with a suspicious email the best approach is to delete it. You should also report the email as spam before you delete – most email clients have this as built-in functionality. Reporting the spam gives your email client useful intel that allows for better tracking and blocking of these types of emails moving forward. In addition, many banks and financial companies have a dedicated email address you can use to report suspected phishing attempts. This helps them identify and prevent scammers from using their name to target more people in the future.

If you have any questions regarding the information in this article, please feel free to contact our team at Insight IT. We can provide you with expert advice on spam management and email security. We also offer an in-depth cybersecurity check of your IT system to ensure your data is well-protected against cyberattacks.