Here’s a screenshot of something that appeared in my inbox recently:
I spend a lot of time trying to describe the kinds of emails you should avoid, but this one illustrates those concepts perfectly. Let’s look at a few warning signs:
- The message wasn’t expected (I’m not a USAA member, but even if I was, this isn’t a usual email)
- The subject line is intended to provoke a fear reaction
- The subject line is kind of weird, grammatically; are they saying that a “New Document” has been prevented? If “Due to Suspicious Sign-in” modifies the subject of the sentence, which in this case is “New Document,” then…okay, you get it; it just reads weird.
- There is a file attached (the little paperclip icon)
What is supposed to happen with this kind of email is that the victim sees “Suspicious Sign-in” and immediately opens the message, which is most likely blank or contains instructions to open the attached file. Once the victim does that, some form of malicious software, anything from spyware to ransomware, will be installed on their computer.
What actually happens, when the recipient knows some of the warning signs, is that the message is immediately deleted and causes no harm.
Also note that this message slipped past some pretty burly anti-spam and anti-malware software. Those tools are important, but sometimes a dangerous email still makes it through. Stay vigilant!