Trick or threat – a quick guide to scary emails

The Halloween season is upon us. But, to be honest, it’s not easy to scare someone who works in IT. We’re not scared of zombies – Exchange 2003 in the basement never really bites anyone. We’re not scared of vampires – we just don’t like the sun that much… What really scares us is the true monsters that we meet each day in our mailboxes. That’s right, emails are what really frightens us. Read some of the scariest ones, if you dare…

Trick or threat - a quick guide to scary emails

Private message from a Nigerian prince

Sure, you knew this one. If you’ve never received one of those, it probably means you are fresh to the Internet.

The thing is, you receive an email from a Nigerian prince who is in desperate need for a couple of thousand {insert your currency} because {insert a stupid unrealistic reason you might need cash for}. Of course, the Nigerian prince (the name and location may vary) will pay you back with MILLIONS percent interest, as soon as he regains access to his account.

The Nigerian prince scam is probably the oldest one in the book. The scary thing about it is that quite probably it has worked at least a couple of times, since it’s a regular visitor in most mailboxes.

Trick or threat? Definitely a trick by now.

A bank client has died

Or, as I call it, the Nigerian prince v2.0.

The email comes from a bank employee. The sad story is that one of the bank’s clients has recently made a huge deposit and then DIED. In the most extreme version, the death claimed the client together with the whole family. Now, the supposed bank employee, ignoring the screams of agony, writes to you with an interesting offer. If you contact his cousin, the retrieval of this deposit could be arranged, since you have the same, {unspecified} last name as the recently deceased family member. Sounds reasonable.

Although it uses the same mechanism as the Nigerian prince scam, it’s really a more or less hopeless attempt to steal your money or personal data. While in this form, most people are not that likely to give in to their greed, the email is much more scary when the scammer increases the authentic feeling by enclosing your real name, for example.

Trick or threat? Still a trick, more than a real threat. Keep your guard up, though.

I can see you… He he he…

This one is good. It usually goes like this:

The sender tells you they hacked your email account. The proof – the message is sent from your email address.

What is this person writing about? They have hacked not only your email, but also the entire machine you’re using and recorded you, while you were visiting some dark corners of the Internet. The recording is edited to show you on one side and the “sites” (wink, wink) on the other. Stylish. If you don’t fill the sender’s linked e-wallet, this horrible video will be sent to all your contacts, INCLUDING YOUR GRANDMA!

You might think it is hopeless and nobody would fall for it. Well, I don’t know if the success rate of those scammers is high. I know, however, that I have seen many integrated webcams covered with a sticky tape.

The thing is, some people don’t know that it is quite easy to spoof an email address to make the message look like it is coming from the recipient’s address. It’s nothing to be ashamed of – not everyone needs to be an IT expert.

Trick or threat? Threat! At least if it reaches the right person.

Your password has expired

In the world of today, expiring passwords are quite normal. Quite probably, data security policies at your company require you to change your password from time to time, so you’ve gained a conditioned reflex to change this last number in your password and don’t think about it that much. Beware…

This email can get one of countless forms – it can inform that your password has expired, that email quota has been reached, or your email has been locked until you log in again. The problem is, when you click the provided link, you visit a fake login page, which sends your credentials directly to the scammer. Then, they can log into your mailbox and do some real damage. It gets even worse if you have a single password and use it across different accounts…

This kind of attack can have different forms and its designer’s “professionalism” level can vary. Kindergarten scammers will present an email which looks nothing like the real notification, is full of typos, send it from a {} domain and might even ask you to send credentials by email. “Professional hackers” will create a compliant design, redirect you to a certified domain that looks like the real login page with a very similar address (like They can even fake an MFA login request and use your code to log in to your account, despite the high security standard.

Trick or threat? Threat. Depending on how well the email looks, it might work on some employees.

My account number has changed

Nobody would fall for this, you might think again. It is not as obvious, though…

Whenever you get an email stating that the bank account number has changed, you should stay on alert. On one hand, you wouldn’t want to miss a payment and get sued just because you have sent it to the wrong account that is no longer active. On the other, what if the email is from a scammer who wants you to think that? That’s why there is a chance that someone catches the bait. Especially when the email comes from the hacked or spoofed address of your service provider.

Trick or threat? Could be a threat. Depends on the time it gets to you and how much effort the attacker puts into the attack.

Crappy email signatures

How is this scary? Ask any person who deals with online marketing or company visual identity…

You receive an email which looks fine at the first sight. No links to check, no threats, no annoying direct marketing of things you never wanted… And then you scroll down to see this:

Funny animated gifs, life mottos, quotes of the day, broken links, broken design, red boxes instead of images, colors that make you sick… You don’t want them in business emails, unless you want your customers to think you are a company filled with people who don’t care for professionalism.

Still laughing? It won’t be as funny when a C-level executive emails you directly to ask:

  • Why is everyone doing whatever the hell they want with their email signatures?
  • Why aren’t you striking iron while it’s hot?
  • How come they can manage their email signatures from one place and we are way behind?

Trick or threat? Threat! Email signatures are your business cards and can either create or destroy more opportunities than you might think.

Unsubscribe links that don’t work

This might be scary for recipients, as well as for senders, depending on the circumstances.

SPAM is the worst. It makes us angry, tired and reluctant to read emails which look even remotely “spammery”. The good thing about SPAM is that some regulations, like GDPR, should make it go away, or at least force senders to include an unsubscribe link.

Now there can be two kinds of problems. First – you were the sender and the unsubscribe button does not work for some reason, which is a serious data protection incident. Second – you are the recipient and you either cannot unsubscribe or you are redirected to a fake unsubscribe site where you need to log in to continue.

Trick or threat? Threat. Either because you can break data protection-related regulations or give your credentials to the attacker.

Sign the document and send it back

The worst thing about those emails is when you expect them and they look so real…

Most people are aware that email attachments can carry one of the worst things the technology has to offer – malware. Even worse – most people know better than to download & open attachments from phishy, sorry, fishy sources. Others might have software to tell them or simply not let them open documents attached to emails.

The problem is, no single person and no single solution is perfect. New threats, new kinds of ransomware, trojans and other horrible creatures might surprise even the most aware users. The worst thing is where your good client gets hacked and sends an email which looks perfectly fine, it is a reply you have waited for and uses the same style you would normally expect. The attacker can easily steal your or your clients’ data.

Trick or threat? High-level threat. Targeted attacks like that might not be as frequent as the mass methods mentioned above, which makes them even more scary.

Halloween email signatures

Seeing a vampire in your mailbox might give you some goose-bumps… Well, not really. Your marketing dept. claims that a Halloween email signature is a great way to boost your scary-themed offers and make those campaigns clickable again.

You might think – those guys from Marketing are INSANE. Setting up email signatures for everyone just for a few days? All those different email clients… Who would set this up? Well, just because they are a bit crazy, doesn’t mean they’re not right. Event-related and themed email signatures can have great response rate and there is a way to set them up in a few minutes.

By the way, if you want to get some of this traffic for yourself, here are some Halloween signature inspirations.

Inspirations for Halloween email signatures

Trick or threat? To be honest – neither, that’s the only treat in the article.

How not to fall victim to one of the threats?

You probably know how to distinguish threats from harmless emails. But do all your users know how to deal with this? No single method is foolproof, but if you follow a few simple rules, you should be immune to the mass attacks at the very least.

Look at the addresses

Trick or threat - fake sender

Most attacks come from strange addresses. Looking at the “From” address lets you quickly identify the most obvious attempts at tricking you. However, you also need to take a look at the “To” address when you reply as it might be different.

Invalid SPF records, which usually mean that the “From” address is spoofed, are usually caught by most spam filters. But have you ever seen a valid email go to Junk Items?

Don’t click any links!

Too extreme, isn’t it? There are some links, though, that should never be clicked. For example, if you see that the hyperlinked text is “” and when you hover over this, the link turns out to lead you to “http://highlysuspiciousdomainyouwouldnevergoto.ever“. The problem is when the target URL is only one character away from the real name. You could miss the difference – people usually don’t take more than one second to verify an address and our eyes easily trick us.

Be suspicious

Trick or threat - Watch out for malware

A conspiracy theory is a bit too much – not everyone is out to get you (I think). But a healthy dose of suspiciousness when going through your emails shouldn’t hurt anyone. And remember – if an email seems even a tiny bit fishy, you can always call the sender, ask someone if it looks suspicious to them, or go to that login page manually, without clicking the link provided in the email.

Tools for Exchange Server

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


CodeTwo sp. z o.o. sp. k. is a controller of your personal data.
See our Privacy Policy to learn more.