How to spot a fake email

Not a day goes by without one of our clients forwarding us an email asking us whether it’s real; 99% of the time it’s not, which says something in and of itself — if it looks suspicious, it probably is! There are so many variants flying around we can’t write a post identifying them all, but we can offer some guidance. As a client, all you need to do is ask, but knowing how to spot one yourself is valuable, and may save you some embarrassment — or worse.

First, a few definitions

Spoof: One that is made to look as if it comes from a legitimate source but doesn’t. Examples might include PayPal or Apple advising you that you have an invoice waiting.

Phishing: One that tries to take you to a website and enter credentials for online services, often asking you to do so to download a file.

Spear Phishing: A combination of the two, the email is ostensibly from someone you know and contains a link to an external website.

SPAM: True spam is just annoying, not malicious. It might include legitimate newsletters that you have subscribed to or emails sent by marketers who have got hold of your email address one way or another (under the GDPR they really shouldn’t be doing that unless you have explicitly agreed that they can). The real ones have unsubscribe links, which you should check before clicking, but you can also delete them or mark as junk (or report them to the ICO if you’re feeling vindictive).

There is no hard and fast rule for spotting a fake email and you need to be aware of what to look for. A few tips include:

– Are you expecting it?
– Do you know the sender?
– Do you recognise the email address?
– Does it come with the expected email signature?
– Is the email address part of the display name?
– Is the email asking you to go to a website which then asks you to sign in?

It’s very common for phishing emails to mask their intentions by:

– Having fake attachments, like a PDF, which contains a link to a malicious website, rather than embedding the link into the email directly
– Asking for payments, referencing invoices, or other accounts related topics
– ‘Pressure selling’ by overstating the urgency of the purported matter in question, like paying an invoice.

Things to check:

The sender address: The display name can easily be set to appear to be someone you know, but the email address itself is often a giveaway.

The link address: Often links are embedded into images and it’s not always obvious where they are taking you. Hover your mouse over the link to see what it is before clicking through. If the address domain does not match the email domain, or a verified file sharing service (e.g. dropbox.com, sharepoint.com or office.com) then it’s likely to be fake.

The following was a real email forwarded by a client (a construction company) on suspicion of being a scam. It looks quite real, but a closer look reveals several things to raise suspicion:

– It’s from ‘Accounts Payable’ which immediately identifies it as related to money, making you panic slightly. The Subject ‘EFT REMITTANCE DETAILS’ in capital letters adds to this feeling of pressure to respond.
– The email domain is preciseradiologypr.com which is an odd place for a construction company to be sourcing supplies, and the recipient had no idea who they were.
– The body says ‘please see the attached remittance advice’ but there is no attachment.
– There is an image of an Excel icon called ‘SCAN87’ which is an odd name for an invoice.
– The email looks like it’s a document shared from Microsoft, but if you hover over the image to see the link, it’s going to a site called crustysing-as.com which is nonsensical, it doesn’t match the sender domain and it’s not an address used by Microsoft.
– The link is HTTP not HTTPS. A real file sharing site would use SSL Encryption
– The link to the ‘Privacy Statement’ is just text without any link behind it.

There are countless other examples I could use, but the rules for guidance are all the same. If you’re still not sure, try contacting the sender directly using an alternative and independently verified email address or phone number.

One other thing to remember is that a legitimate email account of someone you know, e.g. a customer or supplier, might be hijacked and used to send you fraudulent emails. To cover, this you just have to be alert to unusual language and requests and, if in the slightest doubt, check with someone else before taking any action.

Like this article?

Share on twitter
Share on Twitter
Share on linkedin
Share on LinkedIn
Share on email
Share by Email

Subscribe to our monthly newsletter.
Get the best IT tips and Office ideas in your inbox.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Further reading

cyber essentials certification is it worth it

Cyber Essentials: is it worth it?

For some companies, Cyber Essentials or Cyber Essentials Plus certification is a must-have. Usually this is because their position in the supply chain—e.g. supplying to central or local government—dictates that they must have it.  But, for the rest of us, is it worth it? Certification against any standard usually looks like a lot of effort.

Read More »
whatsapp dropbox dilemma

The DropBox and WhatsApp Dilemma

So first off, I have a confession to make: I stole the title of this post from someone else!  The companies were called Dracoon and NetSphere and they did a joint presentation which I saw at this year’s Infosecurity Europe conference. The former developed a file sharing app and the latter an instant messenger, both

Read More »