Spotting and Reporting a Suspicious Email at InvestorKit
As an InvestorKit team member, protecting our client data and company information is a critical responsibility. This guide will help you identify potential email threats and show you the proper reporting procedure.
If you come across an email that seems “off”, here are some red flags to watch out for:
- Strange sender details
  - The name might look familiar, but the email address is slightly off (e.g. john.doe@nab-secure.com instead of john.doe@nab.com.au).
  - The "Reply-To" address doesn’t match the “From” address.
- Urgent or threatening tone
  - Warnings like “Respond within 24 hours or your account will be closed.”
  - Any message that pressures you to act immediately.
- Unexpected links or attachments
  - Files like .zip, .exe, or Word/Excel documents with macros you didn’t expect.
  - Suspicious-looking links (hover over to check before clicking — especially shortened URLs like bit.ly).
- Generic or poorly written content
  - Spelling and grammar issues, odd phrasing like “Click hear to verify”, or a generic greeting like “Dear Customer”.
- Unusual requests from familiar people
  - If a colleague sends a strange request, e.g. asking you to review an invoice when that’s not part of your role, pause and double-check.
If something feels off, trust your instincts and take the next step:
How to Report a Suspicious Email
- Do not click on any links or open attachments.
- Open the email, click on the three dots ⋮ (next to the Reply arrow), and select "Forward as attachment."
- Address the email to: it@investorkit.com.au
- Use the subject line: Suspicious Email Review
- In the body, briefly note what stood out (e.g. “Unknown sender + threatening language + .zip file”).
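
Several of the red flags above (a mismatched Reply-To, a lookalike sender domain, unexpected attachment types, shortened links) can also be checked mechanically once the original message is available as a raw .eml file. The Python below is an added example, not InvestorKit tooling; the trusted-domain, shortener and extension lists, the function names and the sample message are assumptions constructed from this guide's own examples.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for illustration; tune them to your own environment.
TRUSTED_DOMAINS = {"nab.com.au"}
SHORTENERS = {"bit.ly"}
RISKY_EXTENSIONS = (".zip", ".exe", ".docm", ".xlsm")

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    """Return the red flags from the guide that apply to a raw .eml message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        flags.append("reply-to mismatch")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]  # e.g. "nab"
        exact = sender == trusted or sender.endswith("." + trusted)
        if not exact and brand in re.split(r"[.-]", sender):
            flags.append("lookalike sender domain")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append("risky attachment: " + name)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        if (urlparse(url).hostname or "") in SHORTENERS:
            flags.append("shortened link: " + url)
    return flags

def sample_message():
    """Constructed sample modelled on the guide's examples (not a real email)."""
    msg = EmailMessage()
    msg["From"] = "John Doe <john.doe@nab-secure.com>"
    msg["Reply-To"] = "accounts@example.net"
    msg["Subject"] = "Respond within 24 hours or your account will be closed"
    msg.set_content("Dear Customer, click hear to verify: https://bit.ly/example")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(red_flags(sample_message())))
```

Tone and unusual-request flags still need a person to judge, so a clean result from a check like this does not mean the email is safe.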
