5 Reasons Why You Should Report — Not Reply to — Suspicious Emails

Phishing emails are much harder to identify than most people realize. While you may laugh off the obvious ones, like your great grandmother’s long-lost brother leaving you an inheritance of 10 million dollars, hackers are getting smarter and much more sophisticated at dressing up their phony emails to come off as the real deal.

Consider this example:

Image source: Opus Bank

Such emails can trick even the savviest of web users.

Adversaries
spew millions of emails to targeted lists that include both invalid and valid email addresses. Any answer or reply back (even an out-of-office message) tells them your email address is active, making it even more prized. But that’s not the only reason to report suspicious emails without replying. Examined in detail below are five more reasons why you should never respond and always report any suspicious emails in your inbox.

Each email includes a header that determines the email subject, sender and other attributes. However, few people know that the header also reveals the location of the route taken by the email, server by server. That means the recipient can follow the list back from the point of origination in order to locate the server from which the email was first transmitted. Also, the recipient can use geolocation to get clues about the server’s location. Therefore, responding to a suspicious email may leak details about your location, from which the adversary can enter into a
people search tool, along with your name, to get your phone number and home address.

Responding to malicious emails could get your account hacked if the reply includes a detail or two about your personally identifiable information. For instance, some people include their full name and personal signature in the email footer, and others mention the name of their business/employer as well (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/FabTkRcKo-I/