How to Recognize and Analyze Suspicious Emails (User Tips)

Protection against phishing and other cyber threats is a shared responsibility. In addition to the security measures applied by EmailLabs, user vigilance and awareness are extremely important. Below, we provide tips on how to recognize suspicious emails that may arrive in your inbox (including those impersonating EmailLabs or other services you know) and what to do if you suspect a threat.

What to Look For – Characteristics of a Suspicious Message

Sender of the Message:
- Unknown email address or unusual domain: Does the sender's address look familiar? Is the domain correct (e.g., @emaillabs.pl, not @emaillabs.com or @email-labs.org)? Phishers often use addresses that are deceptively similar to real ones, with minor alterations.
- Display name inconsistent with the address: The display name can be set arbitrarily (e.g., "EmailLabs Team"), but the actual email address might be completely different and suspicious. Always check the full sender email address.
Content and Language:
- Language and grammatical errors: Phishing messages often contain spelling, grammatical, or stylistic errors, for example, resulting from automatic translation.
- Emphasis on urgency and threats: Creating time pressure ("Your account will be blocked!", "Immediate verification required!") is a common tactic to induce rash actions.
- Unusual requests: Requests for login credentials, passwords, verification codes, credit card numbers, or other confidential information. Remember, EmailLabs and other reputable institutions never ask for such data via email.
- Suspicious promises: Offers that are too good to be true, information about unexpected winnings, inheritances, etc.
Links and Attachments:
- Suspicious links: Before clicking, hover your mouse cursor over the link (without clicking) to see the actual URL it leads to. It is often different from the link text and may direct to a fake website. Be wary of shortened links if you are unsure of their origin.
- Unexpected or unusual attachments: Especially executable files (.exe, .bat, .com), scripts (.js, .vbs), or compressed archives (.zip, .rar) from unknown sources. These may contain malicious software.
Overall Appearance:
- Low-quality graphics, logos: Blurred images or incorrect logos may indicate an impersonation attempt.
- Lack of personalization or incorrect personalization: If the message is very generic ("Dear User") or contains incorrect data, exercise caution.

Analyzing Email Headers:

For more advanced users, analyzing email headers can provide valuable information about the origin and authenticity of a message. Headers contain, among other things:

Message path (Received): Shows the servers the message passed through.
Authentication results (Authentication-Results): Information about SPF, DKIM, and DMARC verification. If these tests fail (fail), it is a strong warning sign that the message may be spoofed.

What to do if you suspect phishing or an EmailLabs account compromise?

Do not click on suspicious links or open attachments.
Do not reply to the message or provide any data.
If you suspect the message is impersonating EmailLabs or concerns your account:
- Log in to the EmailLabs panel by typing the address manually into your browser (not via a link from the email) and check for any messages or alerts there.
- Immediately change the password for your EmailLabs account and the email address associated with it.
- Enable or verify your Two-Factor Authentication (2FA) settings. (See section: Two-Factor Authentication (2FA))
- Check recent account activity, authorized domains, and users.
- Contact our support (bok@emaillabs.pl), describing the situation and attaching the suspicious message (as an .eml file or a screenshot with full headers).
If the message is impersonating another institution (e.g., a bank): Contact that institution directly (using official contact channels, not those provided in the suspicious email) and inform them of the incident.
Report abuse: If the message appears to originate from the EmailLabs infrastructure and violates our policies, report it to us. (See section: Reporting Abuse (Anti-Abuse Policy))

Remember, your vigilance and conscious actions are key to online security

PreviousHow EmailLabs Protects Against Phishing and Abuse NextReporting Abuse (Anti-Abuse Policy)

Last updated 2 days ago

How to Recognize and Analyze Suspicious Emails (User Tips)

What to Look For – Characteristics of a Suspicious Message

Sender of the Message:
- Unknown email address or unusual domain: Does the sender's address look familiar? Is the domain correct (e.g., @emaillabs.pl, not @emaillabs.com or @email-labs.org)? Phishers often use addresses that are deceptively similar to real ones, with minor alterations.
- Display name inconsistent with the address: The display name can be set arbitrarily (e.g., "EmailLabs Team"), but the actual email address might be completely different and suspicious. Always check the full sender email address.
Content and Language:
- Language and grammatical errors: Phishing messages often contain spelling, grammatical, or stylistic errors, for example, resulting from automatic translation.
- Emphasis on urgency and threats: Creating time pressure ("Your account will be blocked!", "Immediate verification required!") is a common tactic to induce rash actions.
- Unusual requests: Requests for login credentials, passwords, verification codes, credit card numbers, or other confidential information. Remember, EmailLabs and other reputable institutions never ask for such data via email.
- Suspicious promises: Offers that are too good to be true, information about unexpected winnings, inheritances, etc.
Links and Attachments:
- Suspicious links: Before clicking, hover your mouse cursor over the link (without clicking) to see the actual URL it leads to. It is often different from the link text and may direct to a fake website. Be wary of shortened links if you are unsure of their origin.
- Unexpected or unusual attachments: Especially executable files (.exe, .bat, .com), scripts (.js, .vbs), or compressed archives (.zip, .rar) from unknown sources. These may contain malicious software.
Overall Appearance:
- Low-quality graphics, logos: Blurred images or incorrect logos may indicate an impersonation attempt.
- Lack of personalization or incorrect personalization: If the message is very generic ("Dear User") or contains incorrect data, exercise caution.

Analyzing Email Headers:

For more advanced users, analyzing email headers can provide valuable information about the origin and authenticity of a message. Headers contain, among other things:

Message path (Received): Shows the servers the message passed through.
Authentication results (Authentication-Results): Information about SPF, DKIM, and DMARC verification. If these tests fail (fail), it is a strong warning sign that the message may be spoofed.

A detailed guide on how to check headers in popular email clients can be found here:

What to do if you suspect phishing or an EmailLabs account compromise?

Do not click on suspicious links or open attachments.
Do not reply to the message or provide any data.
If you suspect the message is impersonating EmailLabs or concerns your account:
- Log in to the EmailLabs panel by typing the address manually into your browser (not via a link from the email) and check for any messages or alerts there.
- Immediately change the password for your EmailLabs account and the email address associated with it.
- Enable or verify your Two-Factor Authentication (2FA) settings. (See section: Two-Factor Authentication (2FA))
- Check recent account activity, authorized domains, and users.
- Contact our support (bok@emaillabs.pl), describing the situation and attaching the suspicious message (as an .eml file or a screenshot with full headers).
If the message is impersonating another institution (e.g., a bank): Contact that institution directly (using official contact channels, not those provided in the suspicious email) and inform them of the incident.
Report abuse: If the message appears to originate from the EmailLabs infrastructure and violates our policies, report it to us. (See section: Reporting Abuse (Anti-Abuse Policy))

Remember, your vigilance and conscious actions are key to online security

PreviousHow EmailLabs Protects Against Phishing and Abuse NextReporting Abuse (Anti-Abuse Policy)

Last updated 2 days ago