8 Tips To Not Get Tricked & How To Spot A Fake Email

Hackers are getting smarter and trickier every day, and it’s extremely easy to get tricked into one of their scams when we’re working quickly and multi-tasking. Downloading that PDF in an email is second nature, but you MUST stop and take a second look at if it’s truly a “friendly” email and not one containing dangerous malware. Below are eight tips to not get tricked into downloading malicious content onto your network.

  1. DON’T open attachments that you aren’t positive are OK; attachments are one of the most common ways that malware spreads.
  2. DON’T fall for phishing scams. Be skeptical. Phishing is a common way that online accounts are hacked into and can lead to more serious issues like identity theft.
  3. DON’T click on links in email that you aren’t positive are safe.
  4. DON’T install “free” software without checking it out first. Many “free” packages are so because they come loaded with spyware, adware, and worse.
  5. When visiting a website, did you get a pop-up asking if it’s OK to install some software that you’re not sure of because you’ve never heard of it? DON’T say OK.
  6. Not sure about some security warning that you’ve been given? DON’T ignore it.  Research it before doing anything.
  7. DON’T leave your computer unlocked.
  8. And of course, choose secure passwords and DON’T share them with anyone.

Many of the recent malware threats and viruses are spread through emails posing to be from legitimate companies like UPS, FedEx, PayPal, IRS, or are emails saying that you have an invoice to view, voicemail to download to listen to, etc. A lot of times, people ask us, “what do malicious emails look like?” Or, “how can I tell if it’s an email containing a virus?” Here’s a quick visual guide that walks you through some of the telltale signs.

  1. Sender’s Address: The “From” line may include an official-looking address that mimics a genuine one. It’s easy to alter the sender’s email address-so don’t trust it.
  2. Generic Greetings: Be wary of impersonal greetings like “Dear User,” or your email address. A legitimate email will almost always greet you by your first name.
  3. Typos/Poor Grammar: Emails sent by well-known companies are almost always free of misspellings and grammatical errors.
  4. False Sense of Urgency: Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
  5. Fake Links: These may look real, but they can lead you astray. Check where a link is going before you click by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don’t click.
  6. Attachments: A real email from UPS, PayPal, FedEx, ect. will never include an attachment or software. Because they can contain spyware or viruses, you should never open an attachment unless you are 100% sure it’s legitimate.

Fake email
















Often the emails will look like the two pictured below.

bad email 1 bad email 2

Urgent New Virus Alert!

We want to alert you again to a very urgent threat to the data on your network called Cryptowall 2.0.

You should immediately advise your staff to not open ANY ZIP or PDF files that are sent to you through e-mail. This new virus arrives as an e-mail that contains a zip or PDF file that pretends to be an invoice, purchase order, bill, complaint or other business communication. If you receive such a message, you should verify with the sender that they did in fact send this message prior to opening the attachment.

This threat is specifically designed to defeat firewalls, anti-virus and anti-malware software. There is presently no known way to block these threats. If you open such an attachment, you won’t even know you have been infected until you attempt to access data on your network. Once infected, your data is inaccessible and current recovery steps are time consuming and expensive. We can not stress the severity of this threat enough.

We are actively monitoring this situation and working with our security partners to implement updates as soon as they are available. In the meantime, we recommend you adopt a very conservative posture toward this threat by not opening any e-mail attachments you have not personally verified. We expect this threat to be active for the foreseeable future.

If you have any questions or concerns related to this, please do not hesitate to contact our office.