
Top 10 tips on spotting scam emails

Is that email really offering you all that money? Is it really from a long lost relative? Do you really have to give the bank your personal details? On the surface, emails like this often appear to be from a legitimate company or individual, but trust us, they’re not.

Scam or ‘phishing’ emails are sent out by the millions every day to unsuspecting victims across the world, so there’s a very good chance that one of these will land in your inbox. While some of these messages are easily identifiable as obvious frauds, others can be very convincing.

So, how do you make sure that you don’t fall victim to a phishing scam and end up with your sensitive details stolen? Here are our top tips to help you defend yourself against these threats:

Check all URLs

If you receive a suspicious email, the first thing to do is check the integrity of any embedded URLs. You will always want to check that links are legitimate and use proper encryption (https://). However, a URL in a phishing message will often appear to be valid. To be certain, hover your mouse cursor over the URL to see the actual hyperlinked address. If it is different from the address that is displayed in the email, the email is probably fraudulent.

If this doesn’t work, open another window and go to the site directly rather than using the link that the email provided.

Poor spelling/grammar

Think of the official emails that your company sends. They will be reviewed thoroughly for spelling mistakes and grammatical errors. If you receive an email message full of poor grammar and spelling mistakes, it is unlikely that it will have come from an official company. You wouldn’t send out an email starting ‘Dear Costomer’ for example.

Surprisingly, the misspellings in scam emails are often there on purpose. You would think that they would easily reveal that an email is illegitimate, but it is actually a tactic used to identify less savvy users. If a spammer gets a response from a poorly written email, it is clear that the recipient is an easy target, so they will focus their efforts on getting whatever they can from them.

You’re asked for personal information

If you’re ever asked for personal details, it’s always a bad sign. Your bank simply wouldn’t send you an email to check your account number as they already know it. Similarly, a reputable company wouldn’t ask for your password, credit card number or the answer to your security question. Phishers use this technique to instil urgency in order to make the recipient click on a malicious URL or download an attachment that will infect their computer.

An offer that’s too good to be true

If an offer you receive via email sounds too good to be true, 99% of the time, it is. If an email makes big promises, don’t be tempted to give any of your personal details away. Also, if the content tells you that it is urgent and that you have to transfer money to another account, mark the email as junk and delete it immediately.

Honestly, why would a Nigerian prince ask you to smuggle money out of his country when you’ve never spoken to him before?

Suspicious attachments

Why would a legitimate organization send you an email with an attachment unless it was a document you requested? Again, when you receive emails like this, take a step back and think first.

If you receive an email that looks even remotely suspicious, don’t open any attachments and delete it immediately as it could be malware. High-risk attachment file types include: .exe, .scr, .zip, .com, .bat.

You didn’t do anything

So, you’ve got an email saying that you won the lottery. Did you actually buy a lottery ticket though? Chances are you didn’t.

This type of scam involves clicking a link and entering personal information. Basically, if you do this, not only will you not win a prize, you’ll have fallen victim to a common email scam.

No imagery

Reputable organizations write their emails in HTML with a mix of text and images. Many poorly constructed phishing emails don’t even use a company’s logo. If the email you receive is all in plain text and looks different to anything else you have received from that sender, just ignore it no matter how important it ‘appears’ to be.

Threats are made against you

Most scam emails try to trick people into giving up personal information or money by promising big rewards. Others, on the other hand, try to use intimidation to scare recipients into giving up their details. If you receive an email that makes a ridiculous threat against you, then it’s probably a scam.

A good example is if you receive an email from your ‘bank’ saying that your account has been compromised and that if you don’t provide your personal details, your account will be closed and all of your money will be seized. Now, it’s actually illegal for a bank to close your account and take all of your money simply because you didn’t respond to an email. Don’t ever feel threatened by emails like this and simply delete them.

IP reputation

If it is easy to identify the sending IP of an email you’ve received, you can check the IP’s reputation through Return Path’s Sender Score site. This useful tool gives you an insight into the sending IP’s historical performance, giving it a score from 0-100. If the score is low, then it’s more likely the email is a phishing or spoofing attempt.

Your email address is the From: address

If you see that your email address is listed as the From: address, this is a telltale sign of a scam email message. At the same time, if there are a lot of recipients in the To: field, be very careful. If an email is sent to you from a real organization, it will most likely be addressed to you and you alone. If you also see “undisclosed recipients”, be cautious and double check the email using the other tips highlighted in this article.
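The header checks in this tip and the attachment check from the "Suspicious attachments" tip can be combined into a small triage script for reported messages. This Python sketch is an added example, not part of the original article; the function name, the `max_recipients` threshold and the sample message are assumptions made for illustration.

```python
import os
from email import message_from_string
from email.utils import getaddresses

# Extensions the article lists as high risk.
HIGH_RISK_EXTENSIONS = {".exe", ".scr", ".zip", ".com", ".bat"}

def triage(raw_message, my_address, max_recipients=5):
    """Return a list of warnings for one raw message.

    max_recipients is an assumed threshold for "a lot of recipients".
    """
    msg = message_from_string(raw_message)
    findings = []
    senders = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    if my_address.lower() in senders:
        findings.append("From: is the recipient's own address")
    to_headers = msg.get_all("To", [])
    if any("undisclosed" in h.lower() for h in to_headers):
        findings.append("To: is undisclosed recipients")
    recipients = [a for _, a in getaddresses(to_headers) if a]
    if len(recipients) > max_recipients:
        findings.append("To: lists %d recipients" % len(recipients))
    # Walk every MIME part and check the extension of any attached file name.
    for part in msg.walk():
        name = part.get_filename()
        if name and os.path.splitext(name)[1].lower() in HIGH_RISK_EXTENSIONS:
            findings.append("high-risk attachment: %s" % name)
    return findings

# Constructed sample message (reserved example domain, dummy attachment body).
SAMPLE_MESSAGE = """\
From: me@example.com
To: undisclosed-recipients:;
Subject: Your invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
```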

At the end of the day, when it comes to email, you must always be aware of the phishing and spoofing threats that are out there. If you click on an email that ends up compromising your personal details, it could also threaten your company’s IT department, leading to some serious damage.

If you ever have ANY doubts about the authenticity of an email, either delete it or forward it to your IT department so that they can quarantine it. It is better to be safe than sorry!