Now that you know what types of malicious emails are out there (if you’ve not read our piece on malicious emails yet, we suggest starting there), it’s time to learn how to protect yourself. How? By being aware of what to look for. The best way to protect your accounting business from this type of attack is prevention.

If you and your staff know what to look for, and how to avoid these emails, you’ll never need to worry about how to fix issues that arise from such attacks – because they’ll never happen!

Tip #1: The Sender’s Address Doesn’t Look Quite Right

The first place to look is at the sender’s email address. Does it look formal, professional, something you’d expect? Pay close attention to the email address. Look for anything suspicious:

  • Capitalised or uncapitalised letters that shouldn’t be there
  • Lower-case L’s replacing capital i’s
  • Random numbers or letters
  • An unusual suffix after the @ symbol

You’re looking for any discrepancies in the email address. For example, an email from PayPal, you’d expect: or something similar.

So, if you receive an email from ‘PayPal’ that looks like this: heLp@pAyPaI.nekx (exaggerated), you know it’s clearly not from the company itself.

Here is an example of an email with a fake sender’s address.


Tip #2: The Links in The Email Look Suspicious

Much like the tip above, you’re looking for anything strange. Links are another easy way to spot errors from shady senders. As above, search for anything that looks suspicious: letters or capitalisation out of place, extra characters, strange suffixes, and so on.

Another handy tip is to hover your cursor over the hyperlink; while the link in the email can look legitimate, when you hover your mouse cursor over the link, it will display the real hyperlink. This is an easy way to see if somebody is trying to trick you into visiting a spoof website.

Below we have an example of a suspicious link that users are directed to from an email from “Apple”.

Tip #3: Is This an Email You Were Expecting?

This tip is focused more on common sense than the previous two, which focus on technical aspects of the email you’ve received. Ask yourself before clicking or responding to any questionable emails:

Did I expect this email?

If the answer is no, or you’re not sure, that should be a red flag; even more so if it’s on the topic of a payment, bill due, or similar. It’s highly likely that you’re well aware of any payments incoming or outgoing from your business. Receiving a random invoice or request for payment should raise a small alarm bell.

Confirm with the apparent sender directly if you can. Don’t respond directly to the email or use any contact information in it; find the contact’s information via their website or a mutual contact.


Tip #4: Does the Email Look Right to You?

Much like Tips 1 and 2, Tip 4 focuses on the email itself. Beyond looking at the technical aspects of the email (the email address and the hyperlinks), the general content of the email may give some indication as to whether you should take it seriously or not.

Pay attention to the following things:

  • Grammar
  • Spelling
  • Formatting (is the email correctly aligned? Are images in the right places? Or is everything skewed?)
  • Is the email well-written? Does it seem like it was written by a professional or company representative?

Catching any or all of the above mistakes likely means you’ve received a spoof email; confirm with the contact (again, not by directly responding to the email) if you can. More than likely, you should be free to block the email sender and move on with your day.

Tip #5: Too Good to Be True? It Probably Is

If all else fails, it’s down to pure common sense. Most malicious emails are designed to entice recipients, build curiosity, or engage them in some way. Are there promises of money, financial incentives, or other rewards?

Ask yourself: Does this sound too good to be true? Would I be suspicious if someone walked up to me and said the equivalent of this email?

If so, be on your guard; as you likely know, if something sounds too good to be true, it most likely is – and you’re in danger of being caught in a scam, phishing attempt, or similar.

Here is an example of the type of message you need to look out for.


Follow the 5 tips above, and you’ll rarely fall foul of suspicious or malicious emails that come your way.