Spotting malicious email messages (ITSAP.00.100) – Canadian Centre for Cyber Security

Summary

Email is a convenient tool but also a primary attack vector for threat actors. This guidance explains how malicious emails and phishing work, the common tactics used (including spear-phishing, whaling and quishing), signs to spot in suspect messages, practical protections to reduce risk and the steps to take if you interact with a malicious email. The document emphasises organisational policies, technical controls (filters, DNS protection, allow lists) and user behaviours that lower the chance of compromise.

Key Points

  1. Malicious emails are used to steal credentials, install malware (ransomware, spyware), and exfiltrate or corrupt data.
  2. Phishing variants include spear-phishing (targeted), whaling (senior targets) and quishing (malicious QR codes).
  3. Common red flags: unfamiliar or misspelled sender addresses, altered logos, generic greetings, poor grammar, urgent requests and unusual demands for sensitive data.
  4. Verify requests independently — don’t follow links or scan QR codes in unsolicited emails; use official apps or manually enter URLs.
  5. Do not open attachments or enable macros from unknown or unexpected senders; disable automatic downloads and external image loading.
  6. Use email filters, aliases or disposable addresses to reduce spam and the attack surface.
  7. Organisations should enforce security controls: firewall and anti-malware, protective DNS, application allow lists, quarantine functions and clear AI use/configuration policies.
  8. If you interact with a malicious email: stop using the device, disconnect from networks, power off, contact IT/security, change credentials from a different device and run anti-malware scans.
  9. Report suspicious messages to your IT/security team and, where appropriate, to the Cyber Centre or the Canadian Anti-Fraud Centre.
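
The red flags in points 3 and 4 can be turned into a first-pass triage check before a message reaches a human reviewer. The following is an added example, not code from the Cyber Centre guidance: it scores a message against a sender-domain check (including lookalike domains such as a digit swapped for a letter), a display name that claims a trusted organisation while the address does not, a generic greeting, urgency wording, a credential request, and link text that names a different host than the link actually points to. The trusted-domain list, phrase lists and the two sample messages are constructed for illustration.

```python
"""Added example (not from the Cyber Centre page): a small triage checker that
scores an email against the red flags the guidance lists. Trusted domains,
keyword lists and the sample messages below are constructed for illustration."""
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: domains the organisation treats as legitimate senders.
TRUSTED_DOMAINS = {"example.com", "payroll.example.com"}

# Constructed phrase lists; a real deployment would tune these to its own mail flow.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
URGENCY_PHRASES = ("immediately", "within 24 hours", "urgent", "account will be suspended", "act now")
CREDENTIAL_PHRASES = ("confirm your password", "verify your account",
                      "enter your credentials", "update your banking")


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of the From: address, or '' if absent."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def is_lookalike(domain: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True when the domain is close to, but not equal to, a trusted domain.
    Catches transposed letters and digit-for-letter swaps such as examp1e.com."""
    if domain in trusted:
        return False
    return any(SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in trusted)


def link_mismatches(body: str) -> list:
    """Return (shown_host, real_host) pairs for HTML links whose visible text
    names a domain that differs from the host in the href attribute."""
    pairs = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', body, re.I):
        real_host = (urlparse(href).hostname or "").lower()
        m = re.search(r'([a-z0-9.-]+\.[a-z]{2,})', text, re.I)
        if m and m.group(1).lower() != real_host:
            pairs.append((m.group(1).lower(), real_host))
    return pairs


def triage(msg: dict) -> list:
    """Return the red-flag names raised by a message dict with 'from',
    'subject' and 'body' keys. An empty list means no flag fired."""
    flags = []
    dom = sender_domain(msg["from"])
    display_name, _ = parseaddr(msg["from"])
    text = (msg["subject"] + "\n" + msg["body"]).lower()

    if not dom:
        flags.append("no_sender_domain")
    elif is_lookalike(dom):
        flags.append("lookalike_domain")
    elif dom not in TRUSTED_DOMAINS:
        flags.append("external_sender")
    # Display name borrows a trusted organisation's label but the address is untrusted.
    if dom not in TRUSTED_DOMAINS and any(
            t.split(".")[0] in display_name.lower() for t in TRUSTED_DOMAINS):
        flags.append("display_name_impersonation")
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic_greeting")
    if any(p in text for p in URGENCY_PHRASES):
        flags.append("urgency")
    if any(p in text for p in CREDENTIAL_PHRASES):
        flags.append("credential_request")
    if link_mismatches(msg["body"]):
        flags.append("link_text_mismatch")
    return flags


# Constructed sample messages: one suspicious, one routine internal notice.
SUSPICIOUS = {
    "from": "Example Payroll <alerts@examp1e.com>",
    "subject": "Urgent: verify your account within 24 hours",
    "body": ("Dear Customer,\nYour account will be suspended. Please visit "
             '<a href="http://login.attacker.test/x">https://payroll.example.com/login</a> '
             "to confirm your password."),
}
ROUTINE = {
    "from": "Payroll <hr@payroll.example.com>",
    "subject": "Payslip for March",
    "body": "Hi Alice,\nYour payslip is available in the payroll portal as usual.",
}

if __name__ == "__main__":
    for label, m in (("suspicious", SUSPICIOUS), ("routine", ROUTINE)):
        print(label, triage(m))
```

The check is deliberately conservative: each flag is independent, so a message that trips several at once (lookalike sender, generic greeting, urgency and a mismatched link) stands out clearly, while a routine internal notice from a trusted domain raises nothing. It complements, rather than replaces, the filtering and protective DNS controls listed in point 7.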

Context and relevance

This guidance is important for all staff because email remains the most common entry point for data breaches and malware outbreaks. It is particularly relevant given increased use of generative AI (which can craft convincing messages) and wider hybrid/remote working patterns that expand attack surfaces. Organisations that adopt the recommended technical controls and user training reduce risk and can respond faster to incidents.

Author style

Punchy: the guidance is concise and actionable — it lays out clear red flags and concrete steps organisations and individuals should use right away. If you manage people or devices, the policies and technical controls here are essential reading; for general staff it’s a quick, practical checklist to follow every day.

Why should I read this?

Short version: read it — it’s a quick, practical checklist that tells you what to look for and what to do if something goes wrong. Saves you the faff of guessing and helps you avoid the big headaches (data loss, account takeover).

Source

Source: https://cyber.gc.ca/en/guidance/spotting-malicious-email-messages-itsap00100