What Are the Top 7 Social Engineering Red Flags?

Who Is the Email From?

  • You don't recognize or have a
    business relationship with the sender.
  • The email was sent from a known
    contact, but the content seems
    unusual or out of character.
  • The sender's email address
    contains a suspicious domain
    (ex. micorsoft-support.com).

Who Is the Email Addressed To? 

  • You were cc'd on an email, but don't recognize the other recipients.
  • The email was sent to an unusual mix of people (ex. a
    group within your organization whose last names start
    with the same letter).

Does the Email Contain Hyperlinks?

  • When you hover over an email hyperlink, the link-to
    address is for a different website.
  • The email only contains long hyperlinks, or contains
    misspellings of popular/well-known websites
    (ex. www.bankofarnerica.com).
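
The two hyperlink checks above (the link-to address differs from the address shown, and the domain misspells a well-known site) can be automated over an HTML message body. This is an added example, not part of the original infographic; `KNOWN_DOMAINS`, the 0.85 similarity threshold, the helper names and the sample message are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_DOMAINS = ["bankofamerica.com", "microsoft.com"]  # assumed allow-list
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def lookalike_of(host):
    """Return the known domain whose name `host` borrows or misspells, else None."""
    if any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS):
        return None  # the real domain or one of its subdomains
    for domain in KNOWN_DOMAINS:
        brand = domain.split(".")[0]
        for token in re.split(r"[.-]", host.replace("rn", "m")):  # "rn" reads as "m"
            if SequenceMatcher(None, token, brand).ratio() >= 0.85:
                return domain
    return None

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start a fresh (href, text) pair
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def link_red_flags(html):
    """Return (flag, expected_domain, actual_host) tuples for links in an HTML body."""
    collector, findings = AnchorCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        target = (urlsplit(href).hostname or "").lower().removeprefix("www.")
        match = DOMAIN_RE.search(text)  # a domain shown in the visible link text
        shown = match.group(0).lower().removeprefix("www.") if match else ""
        if target and shown and target != shown and not target.endswith("." + shown):
            findings.append(("mismatch", shown, target))
        if target and (brand := lookalike_of(target)):
            findings.append(("lookalike", brand, target))
    return findings

SAMPLE = (  # constructed message body; example.net is reserved for documentation
    '<a href="http://login.example.net/verify">www.bankofamerica.com</a>'
    '<a href="https://www.bankofarnerica.com/login">Sign in</a>'
    '<a href="https://www.microsoft.com/security">microsoft.com</a>')
```

`link_red_flags(SAMPLE)` flags the first two links and passes the third. `urlsplit` raises `ValueError` on some malformed hrefs; a mail filter should catch that and treat the link as suspicious rather than skip it.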

What Was the Email Subject?

  • The subject line is irrelevant or doesn't match the message content.
  • The email is asking for a response to something you never sent or requested.

What Was the Purpose/Content of the Email? 

  • The sender is asking you to click on content to avoid negative consequences, or to gain something of value.
  • The email contains multiple spelling errors, bad grammar, or illogical sentences.
  • The email contains compromising, threatening, or exploitative content.

What Time Was the Email Sent?

  • You received a routine email - but far outside normal business

Did the Email Have Any Attachments?

  • There is an unexpected or suspicious attachment in the email.
  • The email contains a potentially dangerous file type.

[INFOGRAPHIC] Social Engineering Red Flags