Hackers and cybercriminals work very hard to make their emails appear legitimate. Below are five tried-and-tested ways to identify email addresses often connected to malicious campaigns.
Watch Out for Email Addresses That Contain Punycode
Countries whose languages use non-Latin alphabets or diacritics commonly employ internationalized domain names (IDNs). IDNs contain characters that have no American Standard Code for Information Interchange (ASCII) equivalent, so they are stored in the DNS in an ASCII-compatible encoding called Punycode. An example is “München,” which is represented by the Punycode “xn--mnchen-3ya”; the domain had to be converted because the German letter “ü” has no ASCII equivalent.
Nefarious actors abuse Punycode in phishing campaigns and IDN homograph attacks, where a domain’s Unicode form is chosen to look like a trusted name. Look out for unwanted emails that come from such domains.
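The following Python example is added here to make the Punycode point concrete; it is not code from the article. It converts between the Unicode and Punycode forms of a domain with the standard library’s idna codec and then checks whether any label mixes scripts (for example Cyrillic letters inside an otherwise Latin label), which is the signal that separates an ordinary IDN such as “münchen” from a homograph lookalike. The sample domains are constructed: the lookalike is built in the code from a Cyrillic “а” (U+0430), and nothing here refers to a real campaign.

```python
import unicodedata


def to_unicode(domain: str) -> str:
    """Decode any xn-- (Punycode/ACE) labels in a domain back to Unicode."""
    return domain.encode("ascii").decode("idna")


def to_ace(domain: str) -> str:
    """Encode a Unicode domain into its ASCII-compatible (Punycode) form."""
    return domain.encode("idna").decode("ascii")


def scripts_in_label(label: str) -> set:
    """Unicode scripts used by the letters of one label, taken from the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...).
    Digits and hyphens are ignored because they belong to no script."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            try:
                scripts.add(unicodedata.name(ch).split()[0])
            except ValueError:  # unnamed code point
                scripts.add("UNKNOWN")
    return scripts


def analyse_sender_domain(domain: str) -> dict:
    """Report what a Punycode sender domain really looks like and whether any
    label mixes scripts, the classic IDN homograph signal. A Punycode domain
    on its own is not suspicious; a mixed-script label is."""
    is_punycode = "xn--" in domain.lower()
    unicode_form = to_unicode(domain) if is_punycode else domain
    findings = []
    for label in unicode_form.split("."):
        scripts = scripts_in_label(label)
        if len(scripts) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(scripts)}")
    return {
        "ace": to_ace(unicode_form),
        "unicode": unicode_form,
        "punycode": is_punycode,
        "mixed_script": bool(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample domains. The second one is built here from a
    # Cyrillic 'а' (U+0430) followed by Latin "pple"; it is not a real domain.
    for d in ["xn--mnchen-3ya.de", to_ace("\u0430pple.com"), "example.com"]:
        print(analyse_sender_domain(d))
```

Run it and the German domain decodes to a single-script (Latin) label with no findings, while the constructed lookalike decodes to a label that mixes Cyrillic and Latin and is flagged. A mail gateway can apply the same decode-and-inspect step to the sender domain before the message reaches a user, who would otherwise only see the rendered Unicode form.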
Don’t Open Messages from Email Addresses That Contain Random Characters or Use Subdomains
Real email addresses are straightforward and professional-looking. They don’t contain unnecessary words, and they don’t feature strings of random numbers either. Legitimate addresses also typically use the long-established generic top-level domains (gTLDs).
Legitimate email addresses also rarely use subdomains, so be wary of addresses such as user@accounting[.]thiscompany[.]adifferentdomain[.]co[.]at; they’re bound to be malicious.
Scrutinize the Email Content
Phishing and other malicious emails typically have grammatical errors. Their sentence structure is usually a little off.
Banks and other service providers, especially the ones you have accounts with, have your personal details on record, so an official message from one of them would address you by your first name or full name. PayPal, for instance, addresses users by their full name. If you weren’t addressed appropriately, think twice before responding to the email or downloading its attachment.
Another telltale sign of a suspicious message is a sender asking you to reveal your login credentials. Be especially wary of emails that urge you to transfer money immediately. Contact the person you suspect is being impersonated directly (not via email, of course) to confirm such a request, or discard the message at once.
Keep an Eye Out for Attachments and Embedded Links
Just as banks and other service providers won’t ask you to give out your account credentials, they are unlikely to send you software to install or links to follow. Why?
If you are their customer, chances are you already have their website bookmarked on your devices or their apps installed on your mobile phone. So they don’t need to send you an attachment or a link for you to check your account details or initiate transactions.
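As an added example (not part of the article), the Python below shows how the advice about links and attachments can be checked mechanically before a message is opened. It parses a constructed sample email with the standard library, extracts every link from the HTML body, flags links whose host belongs to a different organisation than the sender (including the common trick of naming the sender’s domain in the visible text while the href points elsewhere), and lists attachments with executable or double extensions. The sender, hosts and attachment name are all made up, and the two-label “registrable domain” helper is a deliberate simplification noted in the code.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message. Sender, recipient, hosts and attachment name are
# invented for this example (reserved .example/.org names); nothing here is
# taken from a real campaign.
SAMPLE_EML = """\
From: "Example Bank" <alerts@examplebank.example>
To: customer@example.org
Subject: Action required on your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Please <a href="http://examplebank.example.login-verify.example/x">log in at examplebank.example</a> now.</p>
<p>Or read our <a href="https://www.examplebank.example/help">help page</a>.</p>
</body></html>
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

AAAAAAAA
--b1--
"""

# File types a bank would have no reason to send; extend to taste.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd",
                    ".ps1", ".jar", ".lnk", ".iso"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Naive organisation domain: the last two labels. Right for .com-style
    names, wrong for multi-label public suffixes such as co.uk or co.at; a
    production check should consult the public suffix list instead."""
    return ".".join(host.lower().split(".")[-2:])


def triage(raw: str) -> dict:
    """Parse a raw message and report links and attachments worth a second look."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = msg["From"].addresses[0].domain.lower()

    collector = LinkCollector()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector.feed(body.get_content())

    suspicious_links = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        # A link to another organisation's domain is a triage signal, not a
        # verdict (legitimate mail often uses tracking domains); one whose
        # visible text names the sender while pointing elsewhere is worse.
        if registrable(host) != registrable(sender_domain):
            suspicious_links.append({
                "href": href, "text": text, "host": host,
                "text_names_sender": sender_domain in text.lower(),
            })

    risky_attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lower = name.lower()
        if any(lower.endswith(ext) for ext in RISKY_EXTENSIONS) or lower.count(".") > 1:
            risky_attachments.append(name)

    return {"sender_domain": sender_domain, "links": collector.links,
            "suspicious_links": suspicious_links,
            "risky_attachments": risky_attachments}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EML), indent=2))
```

On the sample, the “help page” link resolves to the sender’s own domain and passes, the “log in” link is flagged because its host is a different registrable domain even though the visible text names the bank, and the double-extension attachment is listed. The same routine can be run over a mailbox export to surface messages that deserve the manual checks the article describes.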
Use an Email Verification Tool
An Email Verification API tool like this one automates email address validation, filtering, and segmentation. It specifically checks email addresses for the following probable signs of ties to malicious activity:
1. Syntax: The tool looks for typos and formatting errors in email addresses. It ensures that the address’s format follows the Internet Engineering Task Force (IETF) standards.
2. MX record: The tool can determine if the address has a corresponding mail server. Retrieving this record allows cybersecurity professionals to conduct reverse MX server lookups to determine if the email domain has ties to attacks.
3. SMTP connection: The tool looks for an existing inbox for the email address. It can also tell if the particular mailbox is temporarily out of service.
4. Catch-all address: The tool is capable of identifying if the email address points to a catch-all account.
5. Disposable address: The tool tells if an email address is temporary or disposable.
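The Python below is an added example, not the verification tool the article refers to or any vendor’s code. It shows what the checks in the list above, together with the address-shape advice from the subdomain section, look like as an offline pipeline: an RFC 5322-style syntax check (dot-atom local part, hostname-shaped domain, length limits), structural heuristics (many digits, deep subdomain chains, non-legacy TLDs, a disposable-domain list), and MX, deliverability and catch-all checks. The DNS and SMTP steps take injected lookup functions; the ones used here are constructed in-memory stand-ins so the example runs without network access, and the disposable-domain list and mailbox table are likewise made up.

```python
import re
import secrets
from typing import Optional

# Practical addr-spec check: dot-atom local part and a hostname-shaped domain.
# An approximation of the RFC 5322 grammar (no quoted local parts or domain
# literals), which is what most verification services enforce in practice.
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
ADDR_SPEC = re.compile(
    rf"^(?P<local>{ATOM}(?:\.{ATOM})*)@(?P<domain>(?:{LABEL}\.)+[A-Za-z]{{2,63}})$"
)

LEGACY_GTLDS = {"com", "net", "org", "edu", "gov", "mil", "int"}
# Constructed list; a real deployment would consume a maintained feed.
DISPOSABLE_DOMAINS = {"throwaway-mail.example", "tempinbox.example"}


def syntax_check(address: str) -> Optional[tuple]:
    """Return (local, domain) when the address is well-formed, else None."""
    if len(address) > 254:
        return None
    m = ADDR_SPEC.match(address)
    if m is None or len(m["local"]) > 64:
        return None
    return m["local"], m["domain"].lower()


def structure_flags(local: str, domain: str) -> list:
    """Heuristics on the address shape: many digits, deep subdomain chains,
    a TLD outside the legacy gTLDs/ccTLDs, or a known disposable domain."""
    flags = []
    labels = domain.split(".")
    tld = labels[-1]
    if sum(ch.isdigit() for ch in local) >= 4:
        flags.append("local part contains many digits")
    # Label count is approximate without a public-suffix list (co.at is one suffix).
    if len(labels) >= 4:
        flags.append(f"deep subdomain chain ({len(labels)} labels)")
    if tld not in LEGACY_GTLDS and len(tld) != 2:
        flags.append(f"non-legacy gTLD .{tld}")
    if domain in DISPOSABLE_DOMAINS:
        flags.append("disposable domain")
    return flags


def mailbox_checks(local, domain, mx_lookup, rcpt_accepts) -> dict:
    """MX, deliverability and catch-all checks. mx_lookup(domain) returns MX
    hostnames; rcpt_accepts(address) reports whether the server accepts that
    recipient at RCPT TO. Both are injected so real DNS/SMTP clients can be
    plugged in; the demo below uses in-memory fakes."""
    mx = mx_lookup(domain)
    result = {"mx": mx, "deliverable": None, "catch_all": None}
    if not mx:
        return result  # no mail server, so nothing can be delivered
    result["deliverable"] = rcpt_accepts(f"{local}@{domain}")
    # Catch-all probe: if a random mailbox that cannot exist is accepted too,
    # the positive answer for the real address proves nothing.
    result["catch_all"] = rcpt_accepts(f"{secrets.token_hex(8)}@{domain}")
    return result


def verify(address, mx_lookup, rcpt_accepts) -> dict:
    parsed = syntax_check(address)
    if parsed is None:
        return {"address": address, "valid_syntax": False}
    local, domain = parsed
    report = {"address": address, "valid_syntax": True,
              "flags": structure_flags(local, domain)}
    report.update(mailbox_checks(local, domain, mx_lookup, rcpt_accepts))
    return report


# Constructed stand-ins for DNS and SMTP so the example runs offline.
FAKE_MX = {"example.com": ["mx1.example.com"],
           "catchall.example.net": ["mx.catchall.example.net"],
           "throwaway-mail.example": ["mx.throwaway-mail.example"]}
FAKE_MAILBOXES = {"alice@example.com"}


def fake_mx_lookup(domain):
    return FAKE_MX.get(domain, [])


def fake_rcpt_accepts(address):
    domain = address.split("@", 1)[1]
    return domain == "catchall.example.net" or address in FAKE_MAILBOXES


if __name__ == "__main__":
    for a in ["alice@example.com", "bob@catchall.example.net",
              "user@accounting.thiscompany.adifferentdomain.co.at",
              "jd38217465@throwaway-mail.example", "not an address"]:
        print(verify(a, fake_mx_lookup, fake_rcpt_accepts))
```

The catch-all check is the one worth internalising: a server that accepts every recipient makes the SMTP deliverability answer meaningless, so a verification result should always be read together with the catch-all flag. Replacing the two fakes with a DNS resolver and an SMTP client that speaks EHLO/MAIL FROM/RCPT TO turns this into a live checker, at the cost of the rate limits and greylisting that real mail servers apply to such probes.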
While there’s no single way to plug all email security loopholes, the recommendations listed above can significantly help. They are potent ways to combat cyber attacks that exploit lax email security habits and could otherwise lead to credential compromise.