🚨 Identify Spam and Phishing Emails

🚨 Identify Spam and Phishing Emails

ℹ️ Introduction

Email remains one of the most common attack vectors used by cybercriminals. As an Email Administrator, your role is critical in protecting the organization from spam, phishing, and social engineering attacks that may lead to credential theft, malware infections, or data breaches.

This guide will help you:
  • Check if the sender is genuine.
  • Spot suspicious links and attachments.
  • Recognize common phishing content.
  • Verify whether an email from an organization is legitimate.

📋 Prerequisites

Before you start, it’s helpful if:
  • You can sign in to your email inbox.
  • You are able to see the full email address of the sender.
  • You know how to hover your mouse over a link without clicking it, so you can see where it goes.

🧭 Additional guided document

Prefer screenshots and visual instructions?

In addition to the steps in this article, you can also follow the instructions in the attached guided document “Identify Spam and Phishing Emails” provided by your organization.

The guided document includes:

  • Visual examples of suspicious emails
  • Screenshots showing where to check sender details and links
  • A step-by-step walk-through of how to review emails safely

If you prefer a more visual, guided experience, open the attached document and follow the steps alongside this article.

📝 Step-by-Step Instructions

📍 Step 1: Validate the sender information

  1. Check the full sender email address:
    1. Do not trust only the display name (for example, “Microsoft Support”).
    2. Click or hover on the sender name to see the actual email address.
  2. Look for spelling or domain errors:
    1. Example of a suspicious domain: @micros0ft.com instead of @microsoft.com.
    2. Be careful with extra words or strange domains (for example, @secure-microsoft-login.com).
  3. Watch out for free email domains:
    1. Be cautious if a known brand (e.g., bank, cloud provider) uses @gmail.com, @yahoo.com, etc.
  4. Check for display name spoofing:
    1. If the name looks trusted, but the email address is unfamiliar or unrelated to the company, treat it as suspicious.

📍 Step 2: Inspect links and attachments

  1. Hover over links before clicking:
    1. Move your mouse over a link (without clicking).
    2. Check the URL preview at the bottom of your browser or in the tooltip.
    3. If the URL does not match the text shown, it may be phishing.
  2. Check for shortened or strange links:
    1. Be careful with links from services like bit.ly, tinyurl, or links that look random or unreadable.
  3. Be suspicious of unexpected attachments:
    1. Especially if you did not expect the email or do not know the sender.
    2. High-risk file types include:
      1. .html
      2. .zip
      3. .exe
      4. .iso
      5. Macro-enabled Office files (for example: .docm, .xlsm)
  4. If unsure, do not open:
    1. Do not click links or open attachments from unknown or untrusted senders.
    2. When in doubt, contact your IT team or the supposed sender using a trusted method (phone, official website, or known contact email).

📍 Step 3: Analyze the email content

  1. Check for poor grammar and spelling:
    1. Many phishing emails contain obvious spelling mistakes or awkward phrasing.
  2. Look at how the email addresses you:
    1. Generic greetings like “Dear User”, “Dear Customer”, or no name at all can be a red flag.
    2. Legitimate organizations usually use your real name.
  3. Watch for urgency and threats:
    1. Be cautious of messages saying things like:
      1. Your account will be suspended today
      2. Immediate action required
      3. You must pay now to avoid penalties
    2. Phishers use urgency to pressure you into quick actions.
  4. Never share sensitive information by email:
    1. Be suspicious if the email asks you to:
      1. Enter usernames or passwords
      2. Provide credit card or bank details
      3. Upload ID documents or other personal data
    2. Legitimate companies typically do not ask for passwords or sensitive data by email.

📍 Step 4: Verify the organization’s identity

  1. Compare with official communication:
    1. Check if the style, logo, and wording match what you usually receive from that organization.
  2. Go directly to the official website:
    • Instead of clicking links in the email:
      1. Open your browser.
      2. Type the official website URL manually (for example, www.paypal.com, www.microsoft.com).
      3. Log in from there to check if there are any alerts or messages.
  3. Use trusted contact channels:
    1. If the email claims to be from your bank, cloud provider, or a government agency:
      1. Call the official phone number from their website.
      2. Or email them using a known, official address.
    2. Do not rely on phone numbers or email addresses provided only in the suspicious email.
Notes
Important Notes & Tips
  1. Pause before you click: If an email feels strange, urgent, or “too good to be true,” stop and review it carefully.
  2. Trust your instincts: If something feels off, it probably is. Do not ignore your doubts.
  3. Do not reply to suspicious emails: Replying can confirm that your email address is active, which may lead to more spam.
  4. Report suspicious emails: Follow your company’s process to report phishing or spam (for example, using a “Report Phishing” button or forwarding to your IT/security team).
  5. Keep security tools enabled: Do not disable spam filters, antivirus, or security warnings in your mail client or browser.

🛠️ Troubleshooting (Common issues and what to do)

Quote

1. I clicked a suspicious link by mistake:

  1. Immediately:
    1. Close the browser tab.
    2. Do not enter any passwords or personal details.
  2. Then:
    1. Change your passwords for important accounts (email, banking, company accounts), starting with your email account.
    2. Inform your IT support team or security team right away.
Quote

2. I opened a suspicious attachment:

  1. Disconnect from the internet if possible (turn off Wi-Fi or unplug the network cable).
  2. Do not open the file again.
  3. Contact the IT support team immediately and inform them of what happened.
  4. If your device behaves strangely (pop-ups, slow performance, unknown programs), mention this to the IT team.
Quote

3. I gave my password or personal details on a suspicious site:

  1. Change the affected password immediately from a trusted device and location.
  2. If the same password is used on other sites, change those as well.
  3. Notify the IT support team and your manager or security contact.
  4. Monitor your accounts for unusual activity.
Quote

4. I am not sure if an email is real or fake:

  1. Do not click any links or open attachments.
  2. Do not reply to the email.
  3. Take a screenshot or forward the email to your IT support or security team and ask them to verify.

📞 Need Further Assistance?

If you still suspect a spam or phishing email, or if you think you may have interacted with a malicious message, please contact your IT support team.

When contacting support, please provide:

  • A brief description of what happened
  • The date and time you received or opened the email
  • Screenshots of the email (including the sender address and any links, if visible)
  • Whether you clicked any links or opened any attachments
Use your organization’s standard IT support channels, for example:
  1. Email your IT support address.
  2. Call your internal IT helpdesk number.

Warning
Do not delete the suspicious email until IT support confirms it is safe to do so !

    • Related Articles

    • 🏢 Office 365 Outlook Issue – Problems & Solutions

      This article outlines commonly reported issues with Office 365 Outlook, including: ? Outlook not responding ? Emails not loading or syncing ? Search function not working ? Slow performance while sending/receiving mail To help users get back on ...

    • 🔐 How to Log In to Your New Outlook Email Account

      ? Purpose / Overview This article guides you through the process of accessing your newly created Outlook email account for the first time. You will learn how to sign in, reset your initial password, and set up Multi-Factor Authentication (MFA) for ...