Identifying Spam Emails

There will be cases where some emails come through that appear to be legitimate and pretend to be for something important or from somebody that is usually trustworthy. These can be tricky to spot, but there are a few ways to go about determining if the email is safe or malicious.

The first step is to see who the intended recipient was, sometimes the email is meant to be sent to a completely different email address that AFSgroup/Europcar WA does not manage or own.

Next, look for anything out of place, whether it is odd looking formatting or the layout of the email itself.

Do logos not look right?
- The image above has a lack of logos, despite claiming to be from OneDrive which is owned by Microsoft
Are they in the wrong position?
- In the image above, everything is on the right side.
Does the email look too cluttered or barebones to be from the real sender/business?
- There appears to be a lack of writing for the main body of the email
Does it use fonts or font sizes that feel too unprofessional or out of character for the sender?
- Examples might be, using comic sans font from a supposed Australian bank, or text within the body having various sizes and not being used to distinguish headings/titles.
Do the ABNs and contact information check out when googling for them as well as looking up the legitimate business/sender
Do the pictures look like they've been photoshopped poorly or are the images not even displaying properly (not because Outlook is blocking them)?

Check the spelling and grammar of the body of the email. Usually spam//fake emails have spelling mistakes or grammatical errors that otherwise shouldn't have gone through from professional businesses or legitimate senders. The trickier emails tend to have grammatical errors rather than spelling errors, as the attackers tend not to speak English as a first language.

Once we've checked the spelling, grammar and general structure of the email, we can look at any links or files attached to the email. WITHOUT actually opening any of them.
- In the case of links,, we can hover our mouse over each link. Outlook will usually have a popup showing the address that the link will take you to. If this does not match what the text says or it links to some webpage that does not match the context of the email then this can be a dead giveaway that the email is fake.
- In the case of attachments, the only way we can examine the attachments is by their filenames and their file sizes, again without opening them. If their names don't make sense in the context of the email or end with the file type of:
  - .zip
  - .exe
  - .vbs
  - .bat
- Then this is most likely an email with some form of virus/malware that's meant to run when the attachments are opened. Files sizes can also give this away especially if they're too big for what kind of file they're pretending to be. For example, a text file that is over 20MB in size would either have to be an extremely long text file or it's some kind of program pretending to be a text file.
Combining all the above will help to determine whether the email is a legitimate email from a sender that is normally trusted or if it's someone malicious pretending to be a trusted sender.
Should you still be unsure if the email is spam or not, please attach a copy of the email and send it to stevenl@afsgroup.com.au, nathanc@afsgroup.com.au or peterk@afsgroup.com.au
The fake email(s) should be deleted right away to not be accidentally opened in the future. Make sure that all traces of the email have been deleted, the email may have been forwarded to more than just one person before being received by IT, so it would be wise to make sure all recipients of the fake email are notified and have their copies deleted before they've had a chance to interact with them.