Social Engineering Red Flags

If you’re ever uncertain of a suspicious email, don’t click any links or reply to the sender, and always feel free to ask your dedicated support engineer at SeedSpark. 

Anatomy of a Phishing Email


Who is the email from? 

  • Do you recognize the senders email address as someone you usually communicate with, have a business relationship with, or has been vouched for by someone you trust?
  • Is the email from a suspicious domain? (be on the lookout for unusual characters, spelling or punctuation, i.e.

Who is the email to?

  • Were you cc’d on an email to multiple people that you don’t personally know? (This could be random group of people at your organization whose last names start with the same letter, or even a whole list of unrelated addresses)

When was the email sent? 

  • Was this an email you would normally receive during business hours, but it came at an unusual time such as 3am or during a weekend or holiday?

What’s in the subject line?

  • Does the subject line match the message content or seem relevant? 
  • Did you receive a reply to something you never sent or requested?

Does the content seem odd?

  • Is the sender asking you to click a link or open an attachment in order to avoid a negative consequence, gain something of value, or for any reason that seems odd or illogical?
  • Does the email content seem unusual or out of character for the person you received it from? Was it unexpected?
  • Is the email asking you to look at compromising or embarrassing pictures? 
  • Are there bad spelling or grammar errors in the message?

Are there any suspicious attachments or hyperlinks?

  • Did the sender include an attachment that you weren’t expecting or that doesn’t make sense in the context of the email? 
  • Does the attachment have a possibly dangerous file type? (The only file type that is always safe to click on is a .txt file)
  • When you hover over the hyperlink, does it show a link-to address that is different than what is displayed? (This is a BIG red flag)
  • Does the hyperlink have a misspelling of a known website? For instance, - the “m” is really two characters - “r” and “n”. 


Other Resources:

Downloadable PDF: Social Engineering Red Flags

New Strain of Ransomware Encrypts Email Inboxes

Phishing Attacks: How to Identify & Avoid Them

Written by Taylor Clark

    Related Post

    Growth Is Just One Click Away

    Want to chat? Just share some project details and a member of our sales team will be in touch to learn more about your vision and how we can help!
    How can we grow together?