5 Ways to Spot a Fake Email
Fake emails, many of which are phishing emails, can be spotted by looking at the technical attributes in the email along with a careful inspection of the content. A fake email is one that is not from the sender it appears to be. The goals of a fake email are to trick the user into clicking on a link that sends them to a spoof website, convince the recipient to transfer money, or encouraging them to give personally identifying information such as login credentials. Fake emails are also known as phishing emails when the sender is trying to obtain more information from the recipient. In a phishing email, the sender is seeking, or fishing for, more information. Most of the time the hacker is phishing for financial information or usernames and passwords to an account.
One way to detect and automatically control fake, phishing, and spam emails is with a good quality antivirus software or email service. An email service can be set up to detect emails from servers used by spammers as well as malicious email addresses. An antivirus app can protect your devices in the event are fooled by a fake email and click on a link.
Fortunately, many fake emails can be detected by the recipient if the reader takes some time to examine the email before opening it, before downloading images or clicking on any content. There are a few reliable ways to spot a fake email.
Below is an example of a fake that I received last week. These fake American Express emails seem to come to me in waves. I will receive three or four a few days apart. I always forward them to Amex’s spoof email box, so they can work on mitigating the phishing attack. I have received three in this round, so far. Below is a screenshot of the first one. At a glance the email appears to be legitimate, I’ll show you how I spotted the telltale signs in this fake email.
- The Sender’s Email Address Does Not Match
Look at the sending, or the “from”, email address. If it does not match the corporate email address or website, then this email is spam. I know that all emails from American Express come from a certain domain name, aexp.com. I already knew this was spam because the from address (mo-reply.AMEX@up.edu) did not match amex.com or americanexpress.com. If the actual sending email address does not end in that, then it is spam.
Do not confuse the actual sending email with the friendly email name. In this case, the friendly sending address (mo-reply.AMEX@up.edu) matches the real sending address exactly. It is easy to spoof the friendly name of the sender. That can be different from the real email address used to send the email. If you want to learn more about the differences between friendly and actual sending email address, check out our email phishing field guide.
- Look for misspellings, typos, grammatical errors in Fake Emails
There are is one spelling error and one grammatical error in my fake email. Thank the spell checker for helping me spot the typos.
- Links do not match the sender’s domain name
Look at the shortened link in image two, the link is shortened to hide the fact that should the reader click on the link, it is not linking to a legitimate American Express website.
This technical merit can be a bit tricky with a retailer’s email campaign. For e-commerce businesses, this is a common, and legitimate tactic. Email opens, and clicks are tracked this way. Although this is not a completely damning sign of a phishing email, it certainly is a cause for concern and warrants scrutiny for the rest of the email content. More inspection is needed.
Legitimate emails from your bank, a friend, or a business you deal with usually address you by name. The fake email does not. In addition to not addressing me by my name (as Amex always does), I know from talking to the fraud department at Amex, that there are other technical elements in their emails that Amex will always use. It helps with fraud detection.
The easiest thing to look for is they always use the last digits of my card number in the email. That identifier, Amex assures me, is the quickest way to detect a fake email that claims to be from American Express. No fraudulent email so far has included the digits.
- The Email Content is Intimidating or Threatening
The scary-sounding nature of the content email (above) is also a big clue that this is a fake email. It states, “We notice some suspicious activities on your online banking and are putting a hold on your account.” First of all, I don’t do any online banking with American Express. Second, if there was some suspicious activity, they would have texted or called me. The hackers who wrote this did not use the correct conjugation of the word “notice.” It should be noticed. Furthermore, the word “Important” in the subject line is spelled incorrectly.
No financial institution, credit card, or any other account should ever ask you to respond to the email with any sort of credentials – from passwords to bank accounts numbers – do not ever email sensitive information.
When in doubt ignore the email and go straight to the website you know to be legitimate. Log in there. You can always call customer service to see if the email was indeed sent by that organization.
Michelle writes about cyber security as well as how to protect your data online. She has worked in internet technology for over 20 years Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. She conducts workshops focused on web technologies and enjoys public speaking along with her connected rescue mutt.