How to spot a fake email

Not a day goes by without one of our clients forwarding us an email asking us whether it’s real; 99% of the time it’s not, which says something in and of itself — if it looks suspicious, it probably is! There are so many variants flying around we can’t write a post identifying them all, but we can offer some guidance. As a client, all you need to do is ask, but knowing how to spot one yourself is valuable, and may save you some embarrassment — or worse.

First, a few definitions

Spoof: An email that is made to look as if it comes from a legitimate source but doesn’t. Examples might include PayPal or Apple advising you that you have an invoice waiting.

Phishing: An email that tries to take you to a website and get you to enter credentials for online services, often asking you to do so to download a file.

Spear Phishing: A combination of the two: the email is ostensibly from someone you know and contains a link to an external website.

SPAM: True spam is just annoying, not malicious. It might include legitimate newsletters that you have subscribed to or emails sent by marketers who have got hold of your email address one way or another (under the GDPR they really shouldn’t be doing that unless you have explicitly agreed that they can). The real ones have unsubscribe links, which you should check before clicking, but you can also delete them or mark as junk (or report them to the ICO if you’re feeling vindictive).

There is no hard and fast rule for spotting a fake email and you need to be aware of what to look for. A few tips include:

– Are you expecting it?
– Do you know the sender?
– Do you recognise the email address?
– Does it come with the expected email signature?
– Is the email address part of the display name?
– Is the email asking you to go to a website which then asks you to sign in?

It’s very common for phishing emails to mask their intentions by:

– Having fake attachments, like a PDF, which contains a link to a malicious website, rather than embedding the link into the email directly
– Asking for payments, referencing invoices, or other accounts-related topics
– ‘Pressure selling’ by overstating the urgency of the purported matter in question, like paying an invoice.

Things to check:

The sender address: The display name can easily be set to appear to be someone you know, but the email address itself is often a giveaway.

The link address: Often links are embedded into images and it’s not always obvious where they are taking you. Hover your mouse over the link to see what it is before clicking through. If the address domain does not match the email domain or a verified file sharing service (e.g. dropbox.com, sharepoint.com or office.com), then it’s likely to be fake.

The following was a real email forwarded by a client (a construction company) on suspicion of being a scam. It looks quite real, but a closer look reveals several things to raise suspicion:

– It’s from ‘Accounts Payable’ which immediately identifies it as related to money, making you panic slightly. The Subject ‘EFT REMITTANCE DETAILS’ in capital letters adds to this feeling of pressure to respond.
– The email domain is preciseradiologypr.com which is an odd place for a construction company to be sourcing supplies, and the recipient had no idea who they were.
– The body says ‘please see the attached remittance advice’ but there is no attachment.
– There is an image of an Excel icon called ‘SCAN87’ which is an odd name for an invoice.
– The email looks like it’s a document shared from Microsoft, but if you hover over the image to see the link, it’s going to a site called crustysing-as.com. That name is nonsensical, it doesn’t match the sender domain, and it’s not an address used by Microsoft.
– The link is HTTP, not HTTPS. A real file sharing site would use SSL encryption.
– The link to the ‘Privacy Statement’ is just text without any link behind it.
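
As an added example (not part of the original article), the following Python script applies three of the checks above to a raw message: the link domain against the sender domain and the file sharing services named earlier, HTTP versus HTTPS, and an attachment that is mentioned but missing. The sample message is constructed from the details described above; the mailbox name, the recipient and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# File sharing domains the article names as examples; adjust for your organisation.
TRUSTED_SHARE_DOMAINS = {"dropbox.com", "sharepoint.com", "office.com"}

def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def triage(raw):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    text, has_attachment = "", False
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            has_attachment = True
        elif part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            text += part.get_payload(decode=True).decode(charset, "replace")
    warnings = []
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        ok = _under(host, sender_domain) or any(_under(host, d) for d in TRUSTED_SHARE_DOMAINS)
        if not ok:
            warnings.append(f"link host {host} matches neither sender nor a known sharing service")
        if parts.scheme == "http":
            warnings.append(f"link to {host} is plain HTTP")
    if re.search(r"\battach(ed|ment)", text, re.I) and not has_attachment:
        warnings.append("body refers to an attachment but none is present")
    return warnings

# Constructed sample modelled on the email described above; the mailbox name is made up.
SAMPLE = """\
From: Accounts Payable <ap@preciseradiologypr.com>
To: accounts@builder.example
Subject: EFT REMITTANCE DETAILS
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Please see the attached remittance advice.</p>
<a href="http://crustysing-as.com/"><img alt="SCAN87" src="cid:icon"></a>
"""

if __name__ == "__main__":
    for w in triage(SAMPLE):
        print("WARNING:", w)
```

A message with no warnings is not proof that it is genuine; a hijacked legitimate account passes every one of these checks.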

There are countless other examples I could use, but the rules for guidance are all the same. If you’re still not sure, try contacting the sender directly using an alternative and independently verified email address or phone number.

One other thing to remember is that a legitimate email account of someone you know, e.g. a customer or supplier, might be hijacked and used to send you fraudulent emails. To cover this, you just have to be alert to unusual language and requests and, if in the slightest doubt, check with someone else before taking any action.
