C

Cybersecurity › Module 7 › Lesson 3

BeginnerModule 7Lesson 3/6

Email Links & Attachments — Red Flags

Learn to spot fake emails and dangerous links before they trick you

15 min+23 XP
Module progress3 of 6

Opening

Your inbox is a gate to your life

Email is how hackers get in. They send you a link or file that looks normal. You click it. Boom — your password is stolen, your money is gone, or your phone gets a virus. But you can stop this. You just need to know what to look for.

1. Why emails are such easy targets

Emails feel safe because they look official. A hacker can make an email look like it's from your bank, your boss, or a friend. You trust it. You click. That's the whole trick. Hackers don't need fancy tools — they just need you to click once.

2. Red flag #1: The sender looks almost right

Check the sender's email address carefully. A fake email might say 'Bank of Bangladesh' but the actual email is '[email protected]'. The name looks real, but the actual address is different. Real companies use their own domain. If the domain looks weird or misspelled, don't trust it.

Example of a fake sender

Real: [email protected] | Fake: [email protected] or [email protected]

3. Red flag #2: The message creates panic or false urgency

Hackers want you to click fast, without thinking. So they create fake emergencies. 'Your account is locked!' 'Confirm your password now or lose access!' 'Click here immediately to prevent fraud!' Real companies don't rush you like this. They don't threaten you in emails. If an email makes you feel scared or panicked, slow down and think.

4. Red flag #3: Strange links and weird URLs

Before you click any link, ask yourself:

  • Does the link match the message?

    If an email says 'Verify your Gmail' but the link says 'confirm-account.ru', that's fake.

  • Can you hover over it?

    On desktop, hover your mouse over a link (don't click). See the real URL in the bottom left. If it doesn't match what the email says, it's a trap.

  • Does it use http:// instead of https://?

    Real banks and services use https:// (the 's' means secure). Http:// is not safe for passwords.

5. Red flag #4: Suspicious attachments

Attachments are how viruses spread. Be extra careful with files you didn't ask for. Especially watch out for: .exe files (programs), .zip files (compressed folders), .scr files (screensavers), or macro-enabled documents (.docm). If someone you don't know sends you a file, or if a 'company' sends you an attachment you didn't request, don't open it.

Even PDFs can be dangerous

A PDF that asks you to 'enable content' or 'update your reader' is likely a scam. Real PDFs just open and show you content.

6. What to do if you see red flags

  • Don't click

    Stop. Don't click the link or download the attachment.

  • Don't reply

    Replying tells the hacker your email is active. They'll send you more scams.

  • Check directly

    If the email claims to be from your bank, go to the bank's website yourself (type the URL in your browser). Log in and check. Don't use any link from the email.

  • Report and delete

    Mark it as spam or phishing. Most email services have a report button. Then delete it.

Trust your gut

If an email feels off, it probably is. You don't need to be 100% sure to delete it. When in doubt, throw it out.

← Previous