Tips on How to Spot a Malicious Email

“I have installed antivirus software but I’m still receiving malicious scam emails!” Sounds familiar, doesn’t it?

Email inboxes are still the most effective tool for cyber criminals to steal sensitive data and access computer networks. Most companies use antivirus software expecting to stop new threats or advanced malicious email attacks. Unfortunately, this is not always successful.

Scam emails are a real concern because they are often used to deliver new ‘fast-break’ or ‘zero-day’ attacks. Endpoint antivirus software can identify known threats and help stop threats delivered by other means, such as flash drives or other USB devices, but zero-day malware received in scam emails is likely to remain undetected by any antivirus software.

Cyber criminals consistently adapt and develop their exploitation tools at a fast pace. It can take hours or even days for antivirus vendors to identify new threats and organize software updates. Further, delays then occur while their customers download and install those updates. During the updating process, unprotected computers are susceptible to attack.

Because sophisticated cybercrime networks are familiar with traditional antivirus solutions, they will examine and improve their attacks to ensure success.

In one specific email scam that had been intercepted, scammers used over 160 variations of the attack to stay ahead of antivirus updates.

Companies that rely on antivirus protection alone put their data security at serious risk. Cyber criminals know that humans are a cybersecurity loophole. Their objective is to get malware emails into a company’s inboxes, because people are much easier to trick than machines. If just one person inside a company opens a scam email and clicks on a link, they can infect the whole company’s computer network.

Have a look at the screenshot below. This is an actual scam email that was intercepted earlier this year.

Here are our tips on how to spot a malicious email:

  1. Use your Outlook Reading pane to look at the email.
  2. Check the email address it is being sent from. The displayed name may be legitimate, but what does the actual email address say?
  3. Look at the link in the email. Is it related to the company that is sending the email?
  4. Look at the language in the email. Is it generic? Does it say “Dear customer”?
  5. Examine the attachment name. Is it generic? Is it something you recognise?
  6. If in doubt, call your IT department/partner or delete it.
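Tips 2 to 5 can also be run automatically over a raw message before anyone opens it. The Python below is an added example, not part of the original article; the word lists, the `example.com` expected domain, the helper names and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed word lists for this example; tune them for your own mail flow.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear client")
GENERIC_ATTACHMENT = re.compile(r"^(invoice|document|scan|payment|receipt)[\W\d_]*\.\w+$", re.I)

def base_domain(host):
    # Crude last-two-labels comparison; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_email(raw, expected_domain):
    """Return findings for tips 2-5; expected_domain is the claimed sender's real domain."""
    msg = message_from_string(raw)
    findings, body = [], ""
    display, addr = parseaddr(msg.get("From", ""))
    if base_domain(addr.rpartition("@")[2]) != expected_domain:      # tip 2
        findings.append(f"sender: '{display}' actually sends from {addr}")
    for part in msg.walk():
        name = part.get_filename()
        if name and GENERIC_ATTACHMENT.match(name):                  # tip 5
            findings.append(f"attachment: generic name {name}")
        elif not name and part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode(errors="replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):            # tip 3
        host = urlparse(url).hostname or ""
        if base_domain(host) != expected_domain:
            findings.append(f"link: {host} is not part of {expected_domain}")
    if any(g in body.lower() for g in GENERIC_GREETINGS):            # tip 4
        findings.append("language: generic greeting")
    return findings

def build_sample(sender, body, attachment=None):
    # Constructed test message, not a real intercepted email.
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Your account"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    raw = build_sample('"Example Bank" <support@mail-example.test>',
                       "Dear customer,\nVerify at http://login.example-verify.test/a\n",
                       "invoice_001.zip")
    for finding in check_email(raw, "example.com"):
        print(finding)
```

A message with no findings is not proven safe; tip 6 still applies whenever something feels off.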

If you’d like any further information or assistance with your cyber security, or you don’t know where to start, please call us on 1300 478 738 or email us at

About the author:

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face-to-face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in-house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.