- Look at the sender’s email address – These email addresses can be spoofed to look like someone you know, but also, they could be one that has a different country’s domain on it (example.com.ru, or support@microsoft.com)
- Look at the Subject line – Does it create a sense of urgency? These are typically viruses. Does it have 1 word in it but appears to be a response like “Re: Document”? – This is also a tall tell sign of a virus.
- Look at the body of the message – If the sender is a recognized sender, does it follow their normal emailing criteria – Does it have a salutation – is it directed to you specifically, or is it generic (Hi, vs Hi Adam,). Does it have a signature for the person who sent it? Does it match the name of the person you identified in the email address above? Does it have the company’s contact information and/or graphics that you’ve been accustomed to seeing if you’ve received mail from them before?
- Look at the content of the body – Is it just asking you to open a file or go to a website link? Does it have ‘syntax’ gone wrong (in this example from ACT, you’ll notice the end finishes off with </html1 – this is a huge giveaway that it’s a virus or worm).
- Look at the direction of the message – Does it ask you to open the attached file? Does it create a sense of urgency? With viruses, the purpose of the body is to entice you to open the attachment. A common method is by fear and urgency.
- Look at the attachment – is it a zip file? Is it a PDF? Is it a docx or doc? – how big is it? If it’s really small, around 1kb to 22kb, it is most likely a virus – couple this information with the above identifying marks above and you will have a very good indication that it’s a virus. This is not always the case anymore as I saw 1 virus that had a 440kb PDF attachment, but if you looked at the rest of the steps outlined above, it failed 2,3,4 and 5.
When deleting viruses, please use SHIFT DELETE (which will permanently delete the email), and not just delete (which will just move it to your Deleted Items folder).