Seven Tips on How to Identify Malware Threats in Business Email

Despite constant advances in IT security, cybercrime continuously evolves to keep up. Cybercriminals always strive to get ahead of improved IT security systems by leveraging new technologies and techniques to infiltrate or compromise systems. Data breaches have, unfortunately, become a common occurrence. Even big-name brands like Adobe and Equifax have fallen victim to breaches, exposing millions of customer records.

Managed services providers (MSPs) can be prime targets for cybercriminals because they can provide a gateway into all the MSP’s customers’ businesses. In other words, if an MSP gets breached, the hacker can likely access the data and systems of all of the MSP’s customers. A full-scale breach of this nature can have disastrous consequences for an MSP, including loss of customers and revenue, damaged brand reputation, and potentially even legal liability.

According to Verizon’s 2018 Breach Investigations report, 92% of malware is delivered by email. Despite this, email is an often-overlooked aspect of IT security for businesses. To help your MSP establish robust email continuity, this guide will highlight the most common malware threats, teach you how to identify them, and suggest an email security solution that takes the guesswork out of the equation.

Malware types to know

There are several types of malware threats in 2020 that all MSPs should be aware of to best protect their business and customers. These include:


A computer virus modifies host files on a computer so the malicious code runs when the victim starts the malicious files. Because viruses affect other files, they can be hard to clean up after. Pure viruses aren’t as common these days compared to other forms of malware. In fact, computer viruses comprise less than 10% of all malware.


Worms were brought into fashion via email in the late 1990s. A worm will often arrive as a message attachment, which can infect an entire organization when opened. The key feature of worms is that they are self-replicating. While viruses require the end user to execute them, worms exploit other files and programs without the need for any action from the end user.


In the Iliad, Greek soldiers hid within a wooden horse, offered as a peace gift to the Trojans. Once the Trojans brought the horse into their city, the Greek soldiers came out at night and defeated the Trojan army. This sneakiness applies to trojan malware. Trojans often masquerade as legitimate programs like an MP3 download, but actually contain malicious code. The end user must open the trojan for it to launch the malicious payload. Users typically get trojans either from a bad email or by visiting a website that has been infected.


Ransomware refers to malware programs that encrypt your data and hold it hostage. Usually, the data will not be released until a payment (often in cryptocurrency) has been made in exchange for the ransom. Ransomware attacks can cripple companies, and there have even been instances of ransomware attacks having a devastating impact on hospitals, police departments, and entire city governments.


Adware is a software program that typically collects data from your computer to serve you either legitimate or malicious advertisements. For example, an adware program, when malicious, may make changes to your browser’s home page or slow your system down.


Spyware involves monitoring the activities on a given computer. For example, some spyware allows attackers to capture keystrokes, which could lead to them getting passwords or sensitive data. Spyware can be fairly easy to remove compared to other types of malware.

However, even if you end up with spyware on your machine, you still need to be alert. Often, when spyware is present, it can indicate another vulnerability that could lead to a more serious cyberattack.

Tips for identifying malware threats in business emails

All the malware types listed above can be email-borne in one way or another—which is why it’s critical that MSPs and their customers are vigilant. These malware types may come in the form of an attachment or a link to a malicious website. Emails that contain malware threats can vary enormously in content and theme, but all of them will have one thing in common—they are opportunistic by nature.

To protect your business against email-borne threats, employees should understand how to identify suspicious emails. To successfully identify malware threats in business emails, here are some things you should look out for:


Many malicious emails use display name spoofing and other techniques to disguise the true sender. Display name spoofing aims to make it seem like the email has been sent by a legitimate entity or trusted individual. While some spoofing may be incredibly convincing, it’s worth double- and triple-checking the header to view the sender’s email address. If the sender’s email address is unfamiliar or doesn’t match the expected email address of a company, then it probably isn’t legitimate.

Keep in mind that cybercriminals will often use very slight variations of a company’s actual email address to fool you, so look out for subtle differences (for example, extra characters or additional letters in the domain name). Malware emails may disguise themselves as fines, faxes, court notices, invoices, or package delivery notices.


If an unfamiliar email asks you to confirm, check, review, or provide information using an attachment, it’s likely to be a malware attachment. Before opening the attachment, verify the email address is legitimate. If you’re unsure, it’s best to avoid interacting with the message until you’ve had a chance to double check with the sender in person or over the phone to make sure they legitimately sent the message.


It’s very important that you not only check the header of an email you receive, but also the actual body of the email. Review the language carefully to identify any strange requests, pressure, or a sense of urgency. If an email is pressuring you to take urgent action, such as pay a fine or respond to a court summons, there’s a chance it contains malware. Another sign that an email might contain malware is poor grammar and spelling.


If an email includes a strange or unexpected attachment, there’s a good chance it contains malware. Some attachment file extensions that could potentially be considered suspicious if you weren’t expecting them from the sender include: .zip, .xls, .js, .pdf, .ace, .arj, .wsh, .scr, .exe, .com, .bat, and .doc. While attachments with these file extensions certainly can be legitimate, it’s best to exercise caution where possible. It’s also important to be aware of the fact that the file extension might be hidden, and the contents may differ from what is indicated in the message. Always be wary of opening email attachments, as malicious attachments are very popular among cybercriminals.
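A mail filter can apply the same attachment checks without opening the file. The following is an added example, not part of the original article: it flags the extensions listed above, a double extension that hides the real type, and content whose leading bytes do not fit the file name. The signature table and the sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article lists as suspicious when unexpected.
LISTED = {".zip", ".xls", ".js", ".pdf", ".ace", ".arj", ".wsh",
          ".scr", ".exe", ".com", ".bat", ".doc"}
# Assumption: a small table of file signatures and the extensions that fit them.
SIGNATURES = {
    b"MZ": ("Windows executable", {".exe", ".scr", ".com"}),
    b"PK\x03\x04": ("ZIP container", {".zip", ".docx", ".xlsx"}),
    b"%PDF": ("PDF", {".pdf"}),
}

def audit_attachments(raw_bytes):
    """Return (filename, reason) findings for each attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in LISTED:
            findings.append((name, f"listed extension {ext}"))
        if len(pieces) > 2 and "." + pieces[-2] in LISTED:
            findings.append((name, "double extension hides the real type"))
        data = part.get_payload(decode=True) or b""
        for magic, (kind, fits) in SIGNATURES.items():
            if data.startswith(magic) and ext not in fits:
                findings.append((name, f"content is {kind}, name ends in {ext}"))
    return findings

def build_sample():
    """Constructed message with two attachments that carry an MZ header."""
    m = EmailMessage()
    m["From"] = "billing@sender.example"
    m["Subject"] = "Invoice"
    m.set_content("Please review the attached invoice.")
    fake_exe = b"MZ\x90\x00" + b"\x00" * 16  # constructed bytes, not a real program
    for fname in ("invoice.pdf.exe", "statement.pdf"):
        m.add_attachment(fake_exe, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for finding in audit_attachments(build_sample()):
        print(finding)
```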


Some malicious emails will encourage you to follow a link to a website that may contain malware. Before clicking on a link, take a moment to review the actual URL. A legitimate URL is likely to start with https. If it starts with http, you may have reason for concern. If a link is hyperlinked, be sure to hover over the text with your cursor so you can preview where a hyperlink leads before clicking the link and potentially exposing yourself to risk.


When it comes to large companies like PayPal, FedEx, or your bank, authentic emails will almost certainly be written with HTML and contain a mix of images, text, and an email signature. Some malicious emails will use plain-text. Also, if you do get something that seems off, it probably is. Check your links to make sure a logo is going to the actual website it claims to be from.

7. A generic greeting

If an email claiming to be from a large, reputable company starts with a basic greeting like “Dear Sir or Madam,” the email may be suspicious. Many large companies have your name from when you signed up for email alerts if it’s a newsletter or mass communication, so expect to see your first name (or no greeting).

Establishing a secure email gateway

Regardless of whether your customers and technicians know how to recognize every malware identifier in the book, there’s always a chance of malware slipping through and threatening the network. In addition to learning how to identify various types of malware, a critical element of protecting your business and customers from email-borne threats is the implementation of a cloud-based email security tool.

For email security and continuity, SolarWinds® Mail Assure can help ensure you are prepared to protect customers with robust inbound and outbound email monitoring. This email threat protection software features encrypted email archiving for long-term storage, as well as an Intelligent Protection and Filtering Engine built on collective intelligence for accurately fighting back against email threats. Mail Assure delivers 24/7 built-in email continuity, and even offers support for popular tools like Microsoft 365. For MSPs interested in learning more, a 30-day free trial of Mail Assure is available.
