Tips to help determine if a suspicious email is malicious


Below are ten tips to help you determine if a suspicious email is malicious.


Tip 1: Don’t trust the display name

A favorite social engineering (phishing) tactic among cybercriminals is to spoof the display name of an email. Here’s how it works: If a cybercriminal wanted to impersonate the hypothetical support group UO Account Support at the University of Oregon, the email may look something like:

Example email information

Since UO does not own the domain, email authentication defenses will not block this email on behalf of the university.

Once delivered, the email appears legitimate because most user inboxes and mobile phones will only present the display name. Always check the email address in the from: header — if it looks suspicious, flag the email.

Tip 2: Look but don’t click

Cyber-criminals love to embed malicious links in legitimate-sounding email messages. Move your mouse over any links you find embedded in the body of your email. If the link address looks odd, don’t click on it. If you have any reservations about the link, send the email directly the Information Security Office - Phishing Team <>.

Tip 3: Check for spelling mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 4: Analyze the salutation

Is the email addressed to a vague “Valued Customer” or ""? If so, watch out — legitimate businesses will often use a personal salutation with your first and last name.

Tip 5: Don’t give up personal or university confidential information

UO and most institutions will never ask for your personal credentials via email — especially banks. Likewise, most institutions will have policies in place preventing external communications of business intellectual property. Stop yourself from revealing any confidential information over email.

Tip 6: Beware of urgent or threatening language in the subject line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or ask you to act on an “urgent payment request”.

Tip 7: Review the signature

Lack of details about the signatory or how you can contact a company strongly suggests a phishing attempt. Legitimate businesses always provide contact details. Look for them!

Tip 8: Don’t click on attachments

Sending email messages including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Tip 9: Don’t trust the from: header on an email address

Cybercriminals not only spoof brands in the display name but also spoof brands in the from: header, including the domain name. Keep in mind that just because the sender’s email address looks legitimate (e.g, it may not be. A familiar name in your inbox isn’t always who you think it is!

Tip 10: Don’t believe everything you see

Cybercriminals are extremely good at what they do. Many malicious emails include convincing brand logos, language, and a seemingly valid email address. Be skeptical when it comes to your email messages — if it looks even remotely suspicious, do not open it.


Article ID: 40236
Thu 10/5/17 1:05 PM
Fri 9/8/23 10:06 AM

Related Articles (4)

How to report phishing attempts to our Information Security Office.
Learn about the Introduction to Phishing online training module available to everyone at the UO.
Learn how to use the "Report Phish" button in Outlook to report phishing emails to the UO Information Security Office.
This article contains information on preventing an account compromise as well as how to regain access once an account is compromised.