In the 23 years that VantageOne has been in business, last year saw the most clients of ours affected by a virus or ransomware attack. Although most IT departments utilize firewalls, offsite/redundant backups, antivirus software, and other best practices to avoid a breech, hackers are savvy in their deception and often target end users.

As a provider of software development services, we have been increasingly called in to repair business software following an attack. Our programmers typically work at client locations and spend a great deal of time interacting with end users. Although attacks that affect the entire business typically come in at a different level, end users regularly ask our programmers how to recognize malicious emails that have bypassed spam filters.

As users, we depend on the creators of antivirus software to stay as current as possible on the latest malicious tactics and develop ways to block them. Even with the most up-to-date antivirus software and spam filters in place, many phishing schemes still go undetected. That’s why it is vital for users to be able to identify the red flags of harmful emails.

Most malicious emails require the reader to take action (such as clicking a link, providing sensitive information, or sending a payment), so the message is typically deceptive and enticing. Hackers rely on the curiosity of the reader to get their viruses or ransomware installed on devices. We’ve all heard stories about people who have received emails that look like a FedEx or UPS tracking notice instructing them to click a link for delivery information on a package they didn’t actually order – big red flag. However, some of us are so excited about receiving a surprise ”gift” that we click on the infected link without a second thought.

While some harmful emails contain embedded links that need to be clicked to install a virus or ransomware, others use threatening language to convince the reader to send them money. Below is an example of a threatening spam email we often receive at our office:

Hi, dear user

We have installed one RAT software into your device.
For this moment your email account is hacked too.

Changed your password? You’re doing great!
But my software recognizes every such action. I’m updating passwords!
I’m always one step ahead….

So… I have downloaded all confidential information from your system and I got some more evidence.
The most interesting moment that I have discovered are your videos.

I posted EternalBlue Exploit modification on a website, and then you installed my malicious code (trojan) on your operation system.
When you clicked the button Play on a video, at that moment my trojan was downloaded to your device.
After installation, your front camera shoots video every time you watch a video, in addition, the software is synchronized with the video you choose.

For the moment, the software has harvested all your contact information from social networks and email addresses.
If you need to erase all of your collected data and video with your enjoy, send me $600(usd) in BTC (crypto currency).

This is my Bitcoin wallet: 1Dh3XWxeDnrY7C2UWDF2YGSfvP39XgQrMP
You have 48 hours after reading this letter.

After your transaction I will erase all your data.
Otherwise, I will send video with your pranks to all your colleagues, friends and relatives!!!

P.S. I’m asking you – not to answer this letter because the sender’s address is fake, just to keep me incognito.

And henceforth be more careful!
Please visit only secure sites!
Bye,Bye

Another tactic hackers use is including names from your contact list in the email header in order to make the email look more believable. Occasionally, someone in our office will get what we have dubbed a “Fake Erica” email. The following email is an example of a phishing scheme that uses names from an organization’s contact list in an attempt to get the recipient to do something that will ultimately result in them losing money. The following email was sent to an employee asking them to do a believable favor for “me,” in this case purchasing gift cards for clients. After responding to this email, the employee received another email telling them to scratch off the back of the gift cards to reveal the redemption code and then send pictures of the front and back of the cards.

Example of a scam email with the senders name changed

In order to avoid falling victim to such schemes, we should all be in the habit of checking the sender’s email address. This is often denoted between “< >” signs. However, if you cannot see that portion of the email’s header, hover over the sender name and it will pop up. If the email address does not match the name of the sender in any way, it should be deleted and blocked or added to your organization’s blacklist.

One of our developers put together the following information to keep in mind.

Some deceiving elements that malicious senders commonly include:

  • A friend, family member, or coworker’s name as the sender’s name
  • Your name in the subject line
  • A friend, family member, or coworker’s name and title at the footer of the email’s body
  • Trustworthy or familiar details such as “Sent from my iPhone”

Elements to indicate to the reader that the email is not legitimate:

  • Requests for money (usually in the form of gift cards or bitcoin)
  • Suspicious looking hyperlinks
  • Poor grammar/spelling
  • No formal greeting
  • A message that seems out of character for the sender
  • The footer with the sender’s name and title is plain text only and doesn’t have the typical formatting, logos, and/or hyperlinks that you normally see in that particular sender’s emails
  • The sender’s email address is unrelated to their name or organization


For example, in the image below the email address of the sender is not Erica’s email address. This email address comes across as somewhat believable with the use of words like “executive” and “admin.” However, other email addresses are more easily identifiable as fraudulent – they often include random peoples’ names and unfamiliar or just outright strange domain names. Also, these domain names often don’t end in the usual “.com”, “.net”, or “.org” – they might be non-US country codes such as “.de” or “.au”, or full words such as “.business” or “.cloud”.

Hackers are constantly changing their techniques.And, based on the malicious email we have received in our office and the devastation experienced by clients and friends in the last year, simply distributing an email policy to users is not enough to avoid a catastrophe. Regularly discussing and showing examples of email phishing will raise awareness of the variety of tactics hackers employ and improve future recognition of malicious email. And, hopefully, avoid a devastating situation.

If you are experiencing software issues following a virus or ransomware attack feel free to reach out to us at 440-354-1458 to schedule a preliminary consultation.


Co-authored by Kate Rose
FREE Consult
close slider

[recaptcha]