1. Don't trust the display name
A display name that matches a person you know or trust doesn’t mean the email truly comes from them. Be sure to look at the email address to confirm the true sender.
2. Beware of urgency
These emails might try to make it sound as if there is some sort of emergency (e.g., the CFO needs a $1M wire transfer, a Nigerian prince is in trouble).
3. Look but don't click
Hover or mouse over parts of the email without clicking on anything. If the alt text looks strange or doesn’t match what the link description says, don’t click on it; report it.
4. Check the email signature
Most legitimate senders will include a full signature block at the bottom of their emails.
5. Check for spelling errors
Attackers are often less concerned about spelling or being grammatically correct than a normal sender would be.
6. Be careful with attachments
Attackers like to trick you with attachments. An attachment might have a really long name, or it might show a fake Microsoft Excel icon when it isn’t actually the spreadsheet you think it is.
7. Consider the salutation
Is the form of address general or vague? Is the salutation to “valued customer” or “Dear (insert title name here)”?
8. Don't believe everything you see
If something seems slightly out of the norm, it’s better to be safe than sorry. It is best to report it to your security operations center.
9. Is the email asking for personal information?
Legitimate companies are unlikely to ask for personal information in an email.
10. When in doubt, contact your SOC
No matter the time of day, no matter the concern, most SOCs would rather have you send something that turns out to be legitimate than put the organisation at risk.
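
Tips 1 and 3 can also be checked mechanically by a mail filter or a SOC triage script. The Python sketch below is an added example, not part of the original list; the function names are hypothetical, and the directory, sender and HTML body are constructed sample values.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not from the original page).
DIRECTORY = {"jane doe": "jane.doe@example.com"}   # known name -> real address
SAMPLE_FROM = '"Jane Doe" <jane.doe@example.net>'
SAMPLE_HTML = ('<p>Dear valued customer, reset at '
               '<a href="http://login.example.net/reset">https://www.example.com/reset</a>'
               ' or see the <a href="https://www.example.com/help">help page</a>.</p>')

def display_name_mismatch(from_header, directory):
    """Tip 1: the display name is a known person but the address is not theirs."""
    name, addr = parseaddr(from_header)
    expected = directory.get(name.strip().lower())
    return expected is not None and addr.lower() != expected.lower()

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""

def mismatched_links(html):
    """Tip 3: visible text looks like a URL but points to a different host."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for href, text in parser.links:
        shown = re.search(r"(?:https?://)?[\w.-]+\.[a-z]{2,}\S*", text, re.I)
        if shown and _host(shown.group()) != _host(href):
            flagged.append((text, href))
    return flagged
```

Links whose visible text is not a URL (such as "help page") are not flagged here; those still need the manual hover check from tip 3.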