International forum of Cybersecurity

How to identify a fraudulent e-mail?

– Is the e-mail really directed to you?

Usually, the fraud e-mails are sent to many targets, they are not or bit personalized. The message referres to a file, a bill, a theme that not speaks at all? So it’s certainly a fraud e-mail.

– Watch out the unknow senders: you have to be particularly vigilant to e-mails from e-mail adress that you don’t know and doesn’t belong to your contact list.

– Be care of the level of langage: even if that is less and less true, some malware e-mails are not correctly written. If the message has typing errors, misspellings or inappropriate expressions, that means it doesn’t belong to credible organization (banks, administrations…).

– Check the links in the e-mail: before clicking on the link, leave your mouse, then the complete links appears. Make sure the link is coherent and shows a ligitimate website. Don’t trust domain like impots.gouvv.fr, impots.gouvfr.biz, infocaf.org instead of www.caf.fr.

– Watch out strange request: ask yourself the well-founded demands expressed. No organization has the right to ask you your TAM codes, your access codes and passwords. Don’t give nothing confidential even to somebody who announces to be part of your circle.

– The source adress is not a reliable criterion: an e-mail adress from a friend, your company, a collaborator can be easily stolen. Only a further research can confirm or not the source of an e-mail. *To note: such manipulation is impossible to do from a smartphone screen.

Source CNIL