Last week I mentioned that malicious email was on the rise and I received many responses echoing that sentiment. All malicious email is trying to compromise yourself or your company, via tricking you into:

  • Downloading malware
  • Divulging personal information

Here are 3 types of malicious emails and how to identify them.

Type 1: The CEO Wire Fraud Attack

This attack targets individuals that have access to financial information and have the authority to wire funds. The attacker send an email “spoofed” to look like it was sent by a high ranking executive and asks to have funds transferred to some financial institution.

A note about “spoofing”: Spoofing refers to emails that look like they are being sent by someone within the organization, but are actually not. These can be blocked through proper email platform configuration. If anything seems out of place, just contact the person emailing you.

One of the largest of these attacks targeted Ubiquiti Networks Inc, where attackers made off with $46.7 Million. Attackers spoofed communication from executives “in a bid to initiate unauthorized international wire transfers.”

Here are a few tips to help identify this scam:

  • The email asks to wire fund to an international institution
  • There is high urgency to complete the transfer immediately
  • It circumvents normal channels and procedures

For any large urgent transfers, just pick up a phone and ask. I think bothering an executive on vacation would be more prudent than losing millions.

Type 2: Malware Attachment

We send attachments all the time, but sometimes those attachments are masquerading as malware. Yes, that pdf, really isn’t a pdf.

We recently had a client download a form of ransomware this way. Luckily, it was caught early and didn’t infect critical data, but it could have crippled their business.

How to identify:

  • Usually these emails are very generic and do not reference any current conversation
  • Attachments with filenames that do not reference a know project, account number, or business name
  • Suspicious and generic subject lines like “FWD: message from KM_C224e”
  • From emails reference a free email account versus a business email account (IE vs

This attack exploits our human desire to move fast. Taking an extra moment to review the email as a whole will help identify this attack and leave just one course of action, pushing the “spam” button.

Type 3: Download Click Bait

The final attack may be the most dangerous because it preys on our ignorance of software systems. Usually, these emails contain a link to download a file that directs us to a login page that looks very similar to a platform we already use.

We were recently attacked like this. An email sent to our entire team had a link to download a Dropbox file. Upon hovering over the link we noticed the link did not link to nor does the email look like a standard dropbox share email – a clear sign that this is not a legitimate email. Our knowledge of how our systems work empowered us to stay safe.

An example of spoofing email

How to identify:

  • Links to login pages that look like commonly used software
  • Asking for login info for a platform you’re already logged into
  • Emails are not designed properly
  • URL addresses that are not legitimate (IE: vs – the former is a url for a subdomain “google” on some non-google website, while the latter is the subdomain “somewhere” on the Google domain)

To prevent these exploits be sure to train your staff often about software features, how they work, what requires login and what does not. Looking to dive deeper or level up, here are 3 ways to protect your team from malicious email.