How to Identify a Scam Email

Despite living in a civilized society, the web is the wild west – with attempts at fraud, scams, and phishing coming right to your door inbox. With so many scam attempts out there, do you know the best practices in identifying one?

First, Let’s Look at Some of the Types of Email Scams

Phishing Scam

This is where you receive an email generally disguised as a legitimate company (a popular one to mimic is Facebook). This email will attempt to direct you to a disguised website where you’re tricked into inputting some information, which is then collected by the scammer.

Take the below example:

Once you click on a link from the above, it will take you to a website disguised as Facebook asking you to login to see the notifications. Of course, it’s not actually Facebook and once you enter your info, the scammer will have it.

This is a popular scam, and is very hard to differentiate from an actual Facebook email.

The clues that this is a scam:

• Firstly, look at the ‘from’ email address, which is a jumble of letters followed by @transitionsfacebook.com. This is a clue, but isn’t always totally straightforward. Big companies like Facebook that send out a lot of emails might actually use a different domain for emails. In fact, the legitimate Facebook notification emails come from Facebookmail.com.
  
  [Even then, a good scam email can display the ‘from’ address as @facebookmail.com even when it’s not actually from that address! So in fact, this alone isn’t a surefire way to know if you’re dealing with a scam!]
• Next, if you hover over the links in an email, you should see the destination URL show in the bottom left of your computer screen. In the above example, all the red-highlighted links were shown to lead to the same URL. That’s abnormal and an indication that something is fishy.
• Once again by hovering over the links and looking at the destination URL in the bottom left of your screen, you’ll see they lead to strange web addresses not associated with Facebook. This is a clear indication they are trying to bring you to a phishing or malware-infected site.

A legitimate Facebook URL:

A spam URL:

Phishing scams are often used to collect banking information as well, wherein you may receive a seemingly legitimate email from the bank you do business with, asking you to verify your account information. Don’t fall for it! The bank would already have your info and would never ask you to verify it in such a manner.

Virus/Malware

In this case, an email attachment could contain a virus – such as an image. Or, the email might be a phishing scam (disguised as a company), but one which directs you to a webpage that installs malware on your computer. Malware is like a spy program on your computer that collects sensitive information in the background as you conduct online banking, etc, then sending this information off to the scammer.

MONEY-FOR-MONEY Scam

Also known as the “Nigerian scam”, this is where the emailer is telling you they have money to give you for some reason or another. It starts as a seemingly personalized email from an individual, where if you respond they will continue to write back, leading you along with this temptation until they ask for a comparatively small amount of money in advance for some sort of “expenses”. In some cases, it might even look (somewhat) legitimate, where they’re inquiring about purchasing a product/service from you (if you’re a business).

Take for example this email where the person claims they’ve inherited some money which they want to give to you:

If you were to respond to a message like this, they would email you back and ask you to transfer something like $3000 to their account as an advance for their expenses before they can access/transfer you the “$3 million”.

Of course, if you pay them this, you never see the money they promised you, and they disappear.

How to Identify a Scam Email

1. Check the ‘from’ email address. This isn’t a surefire way as scammers can sometimes disguise the ‘from’ email address, but it can give you a clue if the email you received came from a strange looking domain name.
2. Hover over the links in the email and look for the destination URL (either bottom left of your screen or right above the link). If the destination is the actual organization, it’s real. If it leads to a strange domain you’ve never heard of, don’t click it!
3. Check for fonts and design in company emails. If the font type or something seems off or not like your regular Facebook notification emails, that could be a sign of a scam in disguise.
4. Check for poor writing and grammar. Many scams, and especially the Money-for-Money Scams, come from overseas in Africa, Europe, and Asia.
5. Anytime someone wants to give you money “ASAP”, that’s a red flag (even if they say they want to buy your product/service). You’ll know for sure when they ask you to advance them a little money in the meantime before they transfer you the full amount.
6. If the message is all plain text, or just a single image, this again is a red flag.

Err on the Side of Caution

1. When you receive a notification email, such as from Facebook, just login to your Facebook account separately and check your notifications. You’re always safer to access things yourself as opposed to clicking on links in emails.
2. Ignore emails that offer you money. If you’re a business and it’s hard to tell if they’re a potential customer or spammer, you can reply to them as you would a regular customer, but don’t give any sensitive information. As soon as they ask you for money first, you know it’s a scam.
3. Never send personal information by email.
4. Only do business with people and companies you know and trust.
5. Always create strong passwords for everything. Try our secure password generator here.
6. Never input credit card of sensitive information on a site which doesn’t use SSL (https:// as opposed to http://). Read more about SSL certificates for collecting payment information here.
7. Run regular virus and malware scans on your computer. We recommend the free and effective Malwarebytes specifically for malware detection.

If you’re looking for safe and secure web and email hosting for your business, see our hosting packages.

Thanks for reading,

Patricia