How Can You Tell If An Email Is Spam?

Spam and phishing emails are some of the most common methods of cybercrime. The FBI’s Internet Crime Complaint Center received 467,361 complaints in 2019—an average of nearly 1,300 every day. From this criminal method, they recorded over $3.5 billion in losses to individuals and businesses. Though it may seem easy at times to spot them, sometimes it’s just not the case. And, despite how much we think we know about scam and phishing emails, people still fall victim each and every day. You may be questioning, ‘how can you tell if an email is spam?’ Please read on to discover the top ways to identify a fake email, by increasing complexity.

It’s Poorly Written

A common way to know an email is a scam is when it contains poor spelling, grammar and punctuation. Some believe that these errors are intentional and part of a ‘filtering system.’ In this way, scammers target the most gullible people. The thought behind this method is if someone ignores spelling clues, they’re less likely to pick up the scammer’s motives. It’s also important that many of these times of messages, are manually implemented. Once the target takes the bait, the criminal party has to reply. This replying action doesn’t apply to “phishing,” also known as automated attacks.

How Phishing Works

The concept known as phishing, is more intricate and less work for scammers. They don’t need to monitor inboxes or send tailored responses. They just send out mass amounts of crafted messages to unsuspecting people. Because of this fact, you don’t always see the spelling errors mentioned prior that filter out naïve respondents. This would mean reducing the pool of potential victims and helping those who didn’t fall for the scam to inform other people. The main takeaway is to check for grammatical mistakes, because 1-2 spelling mistakes don’t always mean spam or phishing. In the example below, you’re likely to catch the poor writing style among other red flags.

Why Are Many Phishing Emails Poorly Written?

Though it’s easy to assume that scammers just aren’t good at writing, remember many are from non-English-speaking countries. When creating phishing messages, scammers often use a spellchecker or translation machine. In this way, they’ll have the right words but not always used in the proper way. It’s therefore the recipient’s responsibility to look at the error and decide whether it’s actually something more threatening. You can do this by asking:

• Is it a common sign of a typo (like hitting an adjacent key)?
• If it’s a mistake a native speaker shouldn’t make (grammatical incoherence, words used in the wrong context)?
• Is this email a template, which should have been crafted and copy-edited?
• Is it consistent with previous messages I’ve received from this person?

If you’re ever in doubt, contact the sender using another form of communication. Whether that’s in person, by phone, via their website, or an alternative email address. In this way, you no longer have to wonder ‘how can you tell if an email is spam?’

The Offer Is Wildly Incredible

There are times where some emails that come through are offering something truly amazing. However, there is an old saying about things such as this. When something sounds too good to be true, it probably is! In fact, this is where businesses and individuals receive the same amount of spam. For your personal email, it can come in the form of a unclaimed funds, gift card giveaway, or an X-rated solicitation. Take a look at this example.

In the business world, it can present as free leads, getting to the front page of Google, free SEO, etc. The list truly goes on and scammers are only getting better and smarter about what entices people. Take a look at this example:

The Domain Is ‘Off’ In Some Way

Be sure to ensure the email is not from a public domain. If it comes from an address that ends ‘@gmail.com,’ ‘@outlook.com,’ or ‘@yahoo.com’ it’s likely a scam. Most companies, except some select small businesses, will have their own email domain and company accounts. If the domain name (what follows the @) matches the apparent sender of the email, the message may be legitimate. You can also check if an organization’s domain name comes up in a search engine result.

Check The Full Email Address

Be sure to view the entire email address, not just the sender line. The email address and domain attached to it tells the most about where the message came from. Sometimes an inbox displays a name, like ‘American Express’ which is widely known. When crooks create their bogus email addresses, they often have the choice to select the display name. This name doesn’t need to relate to the email address but it will show up in your inbox. The example below highlights American Express, a financial creditor.

The Domain Name Is Misspelled

This problem is rooted in the fact that anyone can buy a domain name from a host site. And although every domain name must be unique, there are plenty of ways to create addresses that get around this. In the example below, an email comes through from SunTrust, a banking institution. However, take a closer look at the domain spelling. Unfortunately, simply including SunTrust anywhere in the message is often enough to trick people. They might glance at the word “SunTust” in the email address and be satisfied, or simply not understand the difference between the domain name and the local part of an email address.

Unsolicited Links Or Attachments

As we’ve seen already, scam emails come in many forms. But no matter how they’re delivered, nearly all contain a “payload” to incur damage. A payload is malicious code that causes harm to a targeted victim. This will either be an infected attachment that you’re asked to download or a link to a fake website. The purpose of this information is to capture sensitive data such as login credentials, credit card details, phone numbers and account numbers. When in doubt, contact the sender through another form of communication and ask them to confirm it’s them.

Suspicious Links

You can usually spot a suspicious link if the destination address doesn’t match the context of the rest of the email. For example, if you receive an email from PayPal, you would expect the link to direct you towards an address that begins ‘Paypal.com’. However, many emails now hide the destination address in a button. Because of this fact, it’s not immediately obvious where the link goes to. In this example, you would probably know that something was suspicious if you saw the destination address in the email.

Unfortunately, the rest of the message is pretty convincing, prompting you to click the link without much thought. To be sure that you don’t fall for this, you must train yourself and employees to check links before opening them.

This is fairly straightforward and easy thing to do. If you are on a computer, just hover your mouse over the link and the destination address will appear. If it doesn’t pop up in hover format, it will show in the small bar at the bottom of your web browser. When you’re on a mobile device, hold down the link (being careful not to select it!) This will prompt a pop-up containing the link.

Unsolicited Attachments

Often times, when an unsolicited attachment is included in an email from an unknown source, it is infected. It is usually a seemingly benign document that actually contains malware. In a typical example, the phisher claims to be sending an invoice or pricing sheet. Once opened, they’ll see that the invoice isn’t intended for them, but it’s too late. The document unleashes malware on the victim’s computer, which does any number of devious activities. It is advisable to never open an attachment unless you are fully confident in who is sending it. But even then, look out for anything suspicious in the attachment. For example, if you receive a pop-up warning about the file’s legitimacy or the application asks you to adjust your settings, then don’t proceed.

The Message Is Threatening Or Wants You To Act Immediately

One thing scammers know is that most of us tend to procrastinate. We receive an email giving us important news, and we choose to act on it later. But the more time you think about something, the more likely you are to notice when things don’t add up. Sometimes you realize this company’s form of contact is a different email address, or you may speak to a colleague directly and it turns out they didn’t send you a document. Nonetheless, revisiting the message can help you discover its true nature. Take for instance, this email that claims a photo on your website is under copyright and they can sue you.

You may be a bit shocked and want to get to the bottom of this issue. So curious, that you may click on the link attached that claims to reveal which photo they’re referring to. That’s why so many scams request that you act now or else it will be too late. If you haven’t noticed, this quality has been evident in nearly every example. Don’t fall victim, arm yourself and your employees!

Faceless Marketing

Faceless Marketing is a top digital marketing company that caters to your full service marketing needs. We understand how important online security and intellectual property are to your business. Hire the safest and most knowledgeable marketing firm with a proven track record to provide your company with the best. Contact our team at: 1-800-357-1299 or via email: info@faceless.marketing