Protect Your Company by Knowing How to Identify Valid and Suspicious Email

May 10, 2018

Protect Your Company by Knowing How to Identify Valid and Suspicious Email 

While companies may have spam filters and antivirus software, spam and phishing emails can still slip through employee inboxes. Email recipients are the most critical element in preventing an attack. Here are some tips on how to identify the authenticity of a questionable email. In addition, the ALTA Registry can serve as a resource to help prevent wire transfer fraud. 

Incorrect Grammar/Spelling/Text Body

Many phishing emails contain misspellings. Some of these messages have been poorly translated from other languages. Additionally, you will want to pay attention if the time or date appears in the message body of an email. If the email contains the date format of DD/MM/YY, 24-hour time or coordinated universal time (UTC,) it’s likely that the email’s point of origin generated outside of the United States.  

Email Format/Absence of Logos/Plain Text Email

Most legitimate messages will be written with HTML. It should be a mix of text and images. A poorly constructed phishing email may show an absence of images. This includes the lack of the company’s logo. If the body of an email is only an image as text, it’s possible that it is illegitimate. Outlook blocks showing images by default. If the email is all plain text and looks different than what you’re used to seeing from a frequent sender, you may want to contact the sender directly in a new email or phone call.

Urgent Request for Personal Information

One tactic that is commonly used by hackers is to alert you that you must provide and/or update your personal information about an account (e.g., Social Security number, bank account details, account password). Phishers will use this tactic to drive urgency for someone to click on a malicious URL or download an attachment aiming to infect the user’s computer or steal their information.

Suspicious Attachments

High-risk attachments file types include: .exe, .scr, .zip, .com and .bat.  Spam filters will generally do a good job of quarantining those formats. Most companies commonly send and receive .zip, .doc, .docx, .xls, .xlsx, .ppt, .pptx and .pdf. However, a malicious sender can implant devious code in those formats as well. Once the attachment is opened, the computer is already compromised. Take caution if you have sent an email that has an attachment and the sender is questionable. You will want to verify the legitimacy of the email first. Next, you will want to examine the context of why the attachment is being sent.

Links in the Email

A common practice is to avoid blindly clicking on links in an emails. Outlook allows you to hover over a link before clicking on it. If the link in the body of the email is different than what Outlook hovered preview reports, it is not legitimate. Even if it seems legitimate, open a new browser window and type the URL directly into the address bar. If you've clicked on a link, a phishing website will look identical to the original. However, your system may already be compromised.  If you’re work email is connected to your phone, you will want to take extra precaution. 

Use Work Email for Work Purposes Only 

Employees should avoid using their work email address for personal signups. These include social media websites or customer loyalty/ reward programs.    

ALTA Registry

Whether scammers try to hook their prey by phone call or email, they always seem very convincing. For example, what would happen if a loan processor received an urgent email asking to change funding details on the day of closing? The request appears to be from the title or settlement agent closing the loan. The email looks legitimate: The logo, the agent’s name and contact details, the loan number and the borrower name are all correct. Even a phone number is provided to confirm the last-minute change. However, the email is actually a scam! Even though every other detail looks correct, the phone number routes to the scammer. 

By using the ALTA Registry—a single source of truth—a lender simply could look up the agent’s actual underwriter-confirmed contact details. Comparing the phone number in the email with the contact details listed in the ALTA Registry immediately would set off a red flag that something was wrong. In this scenario, the scammer could not have broken through the lender’s line of defense.


Contact ALTA at 202-296-3671 or communications@alta.org.