How to spot a fake email

Not a day goes by without one of our clients forwarding us an email asking us whether it’s real; 99% of the time it’s not, which says something in and of itself — if it looks suspicious, it probably is! There are so many variants flying around we can’t write a post identifying them all, but we can offer some guidance. As a client, all you need to do is ask, but knowing how to spot one yourself is valuable, and may save you some embarrassment — or worse.

First, a few definitions

Spoof: One that is made to look as if it comes from a legitimate source but doesn’t. Examples might include PayPal or Apple advising you that you have an invoice waiting.

Phishing: One that tries to take you to a website and enter credentials for online services, often asking you to do so to download a file.

Spear Phishing: A combination of the two, the email is ostensibly from someone you know and contains a link to an external website.

SPAM: True spam is just annoying, not malicious. It might include legitimate newsletters that you have subscribed to or emails sent by marketers who have got hold of your email address one way or another (under the GDPR they really shouldn’t be doing that unless you have explicitly agreed that they can). The real ones have unsubscribe links, which you should check before clicking, but you can also delete them or mark as junk (or report them to the ICO if you’re feeling vindictive).

There is no hard and fast rule for spotting a fake email and you need to be aware of what to look for. A few tips include:

– Are you expecting it?
– Do you know the sender?
– Do you recognise the email address?
– Does it come with the expected email signature?
– Is the email address part of the display name?
– Is the email asking you to go to a website which then asks you to sign in?

It’s very common for phishing emails to mask their intentions by:

– Having fake attachments, like a PDF, which contains a link to a malicious website, rather than embedding the link into the email directly
– Asking for payments, referencing invoices, or other accounts related topics
– ‘Pressure selling’ by overstating the urgency of the purported matter in question, like paying an invoice.

Things to check:

The sender address: The display name can easily be set to appear to be someone you know, but the email address itself is often a giveaway.

The link address: Often links are embedded into images and it’s not always obvious where they are taking you. Hover your mouse over the link to see what it is before clicking through. If the address domain does not match the email domain, or a verified file sharing service (e.g., or then it’s likely to be fake.

The following was a real email forwarded by a client (a construction company) on suspicion of being a scam. It looks quite real, but a closer look reveals several things to raise suspicion:

– It’s from ‘Accounts Payable’ which immediately identifies it as related to money, making you panic slightly. The Subject ‘EFT REMITTANCE DETAILS’ in capital letters adds to this feeling of pressure to respond.
– The email domain is which is an odd place for a construction company to be sourcing supplies, and the recipient had no idea who they were.
– The body says ‘please see the attached remittance advice’ but there is no attachment.
– There is an image of an Excel icon called ‘SCAN87’ which is an odd name for an invoice.
– The email looks like it’s a document shared from Microsoft, but if you hover over the image to see the link, it’s going to a site called which is nonsensical, it doesn’t match the sender domain and it’s not an address used by Microsoft.
– The link is HTTP not HTTPS. A real file sharing site would use SSL Encryption
– The link to the ‘Privacy Statement’ is just text without any link behind it.

There are countless other examples I could use, but the rules for guidance are all the same. If you’re still not sure, try contacting the sender directly using an alternative and independently verified email address or phone number.

One other thing to remember is that a legitimate email account of someone you know, e.g. a customer or supplier, might be hijacked and used to send you fraudulent emails. To cover, this you just have to be alert to unusual language and requests and, if in the slightest doubt, check with someone else before taking any action.

The saga continues in Part 2…

Like this article?

Share on twitter
Share on Twitter
Share on linkedin
Share on LinkedIn
Share on email
Share by Email

Subscribe to our monthly newsletter

Get the best IT tips and Office ideas in your inbox

Further reading

Information Security

You can’t have IT without Security!

There, we said it, but what does that mean and perhaps more importantly, what does it mean for our customers?

Read More »

To Save or to Auto Save?

Save as you go. If ever there was a golden rule of working with computers, this is it. Anyone who has ever worked on a document before losing their progress to an application crash or power cut knows only too well the dangers of not saving your work. So the introduction of Auto Save in Office seems to be, on the face of it, an absolute gem. But how does it work and what if you need to turn it off?

Read More »

How to reset your Windows Hello PIN

Windows Hello allows you to unlock your PC or Laptop using a PIN instead of a password, or if you have biometric inputs, facial recognition or a fingerprint. This is considered more secure than a password, even though it’s less complex, because it’s unique to the device you are using, and doesn’t leave the device to be authenticated somewhere else.

Read More »
Scroll to Top