How to spot a fake email

Not a day goes by without one of our clients forwarding us an email asking us whether it’s real; 99% of the time it’s not, which says something in and of itself — if it looks suspicious, it probably is! There are so many variants flying around we can’t write a post identifying them all, but we can offer some guidance. As a client, all you need to do is ask, but knowing how to spot one yourself is valuable, and may save you some embarrassment — or worse.

First, a few definitions

Spoof: One that is made to look as if it comes from a legitimate source but doesn’t. Examples might include PayPal or Apple advising you that you have an invoice waiting.

Phishing: One that tries to take you to a website and enter credentials for online services, often asking you to do so to download a file.

Spear Phishing: A combination of the two, the email is ostensibly from someone you know and contains a link to an external website.

SPAM: True spam is just annoying, not malicious. It might include legitimate newsletters that you have subscribed to or emails sent by marketers who have got hold of your email address one way or another (under the GDPR they really shouldn’t be doing that unless you have explicitly agreed that they can). The real ones have unsubscribe links, which you should check before clicking, but you can also delete them or mark as junk (or report them to the ICO if you’re feeling vindictive).

There is no hard and fast rule for spotting a fake email and you need to be aware of what to look for. A few tips include:

– Are you expecting it?
– Do you know the sender?
– Do you recognise the email address?
– Does it come with the expected email signature?
– Is the email address part of the display name?
– Is the email asking you to go to a website which then asks you to sign in?

It’s very common for phishing emails to mask their intentions by:

– Having fake attachments, like a PDF, which contains a link to a malicious website, rather than embedding the link into the email directly
– Asking for payments, referencing invoices, or other accounts related topics
– ‘Pressure selling’ by overstating the urgency of the purported matter in question, like paying an invoice.

Things to check:

The sender address: The display name can easily be set to appear to be someone you know, but the email address itself is often a giveaway.

The link address: Often links are embedded into images and it’s not always obvious where they are taking you. Hover your mouse over the link to see what it is before clicking through. If the address domain does not match the email domain, or a verified file sharing service (e.g., or then it’s likely to be fake.

The following was a real email forwarded by a client (a construction company) on suspicion of being a scam. It looks quite real, but a closer look reveals several things to raise suspicion:

– It’s from ‘Accounts Payable’ which immediately identifies it as related to money, making you panic slightly. The Subject ‘EFT REMITTANCE DETAILS’ in capital letters adds to this feeling of pressure to respond.
– The email domain is which is an odd place for a construction company to be sourcing supplies, and the recipient had no idea who they were.
– The body says ‘please see the attached remittance advice’ but there is no attachment.
– There is an image of an Excel icon called ‘SCAN87’ which is an odd name for an invoice.
– The email looks like it’s a document shared from Microsoft, but if you hover over the image to see the link, it’s going to a site called which is nonsensical, it doesn’t match the sender domain and it’s not an address used by Microsoft.
– The link is HTTP not HTTPS. A real file sharing site would use SSL Encryption
– The link to the ‘Privacy Statement’ is just text without any link behind it.

There are countless other examples I could use, but the rules for guidance are all the same. If you’re still not sure, try contacting the sender directly using an alternative and independently verified email address or phone number.

One other thing to remember is that a legitimate email account of someone you know, e.g. a customer or supplier, might be hijacked and used to send you fraudulent emails. To cover, this you just have to be alert to unusual language and requests and, if in the slightest doubt, check with someone else before taking any action.

Like this article?

Share on twitter
Share on Twitter
Share on linkedin
Share on LinkedIn
Share on email
Share by Email

Subscribe to our monthly newsletter.
Get the best IT tips and Office ideas in your inbox.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Further reading

How to Spot a Fake Email, Part 2: The Anatomy of a Scam

In our post on how to spot a fake email, we covered some easy ways to identify the spams, scams and spoofs that inevitably land in your inbox.

But it’s not easy to write one post covering everything. And it’s not uncommon for us to receive a few reports a day from our clients of scamming: there’s a lot of it out there, much of it increasingly hard to identify.

That’s why we’re going to break it down further today and take you through the anatomy of a scam email.

Read More »
how to tame your inbox

How To Regain Control of Your Inbox

Remember the days when your inbox was all shiny and new and empty? When every email arrived with an excited “ping” and you enthusiastically dove in to read and reply? 

Us neither.

Let’s face it, most inboxes nowadays are more like tentacled sea-monsters. They have you in their grasp, not the other way around. They’re uncontrollable. They’re scary.

Read More »

Cookie Notice

This website uses cookies to ensure you get the best experience on our website. Learn More.

it support team macnamara on the case

Want the best IT tips & ideas?

Subcribe to our mailing list and get top IT tips & tactics in your inbox.

Scroll to Top