9 Signs of Spam to Check Before Replying to an Email
Spot Scams with these Email Security Best Practices
Ever gotten an email from your boss that wasn’t actually from your boss?
It’s impossible not to come across email scams. You’re hit with them daily. Luckily, mainstream email platforms—Gmail, Outlook, even your old AOL account—automatically filter obvious spam into a designated “Spam” folder. While platforms like Gmail started moving borderline spam from your main inbox to inferior “Promotions” and “Social” tabs, these less discreet forms of spam are just the tip of the iceberg.
Fraud “From” line
As many have discovered firsthand, just because you recognize the name in the “From” line doesn’t mean you know the sender. Almost every part of an email can be manipulated to target you.
How do hackers know so much about you? Information about your schooling, work history, and relationships is likely public somewhere—on Facebook, LinkedIn, a job-finding website. A cursory glance at your online profiles is often enough to extract the names of your family members and coworkers. Mining and using such information maliciously is known in the information security world as “social engineering.”
Source: Department of Homeland Security
With a wealth of shared information at their fingertips, hackers socially engineer predatory email campaigns with the goal of getting money or valuable data. Often, these will go out to thousands of people, knowing that if even a small percentage of people respond, they will make off like bandits.
The good news: If you know what to look for, fraud emails are easier to spot. Again, you are just one in a sea of many unsuspecting victims. Hackers are all about quantity over quality. In their haste to hit more people, they often leave several clues behind. Always check these nine things before replying or following any actions requested in an email:
This one may seem obvious. If you don’t recognize the name, your stranger danger alerts should go off. If you do know the name, that alone doesn’t authenticate the email. Remember, hackers can easily fake sender information to make it look like it’s from your boss, coworker, friend, family member, even your spouse.
Out of character
If the “From” line of the email indicates the email is from someone you know, ask, “does this seem like something they’d do?” Would my coworker be sending me an email at 3:23 AM? Would my boss really demand a money transfer without the necessary approvals?
Just because a hacker knows your name, doesn’t mean they know you. Fraud emails tend to have generic subject lines and a bland, characterless tone of voice in the body. If the email doesn’t sound like the person you know, it’s probably not from them.
Look for an out-of-place copyright and overly formal language. Real people rarely sound so rigid and formal over email. Also, copyrights are not necessary for email. Chances are, the sender is overcompensating to look more legitimate.
Again, quality is not a hacker’s number one concern. Oftentimes, hackers operate overseas, so their English may be broken or awkward. If the writing is poor, overly formal, lacking capital letters, or difficult to follow, it’s a red flag.
Along with poor grammar, a fraud email may also include one or more misspelled words. It’s not uncommon to see basic words misspelled in spam email.
Rarely is a work task or errand as urgent as it will come across in a spam email. Hackers love to use scare tactics to get you to act quickly and irrationally. As represented in the fraud email example above, hackers often stress the urgency of their request in the subject line to get your attention.
Hackers like to disguise malicious URLs by embedding mismatched hyperlinks in the email text. To check whether the link matches the text, hover your cursor over the URL. The destination URL will appear. If the URLs don’t match, be wary. You should never click on a link or attachment from a suspicious email. TXT files (think Notepad) are the only document type that cannot execute a virus.
Another common trick hackers use involves a slight variation of a legitimate company URL. For instance, instead of Buick.com a hacker might use the number 1 followed by the number 3 to mimic the look of the letter “B”: 13uick. With the right font, an untrained eye would never know the difference.
Too good to be true
The best rule of thumb? If it sounds too good to be true, it probably is. Play it safe. Scan every email for signs of fraud, call the sender to verify identity, and report any suspicious emails to your IT department right away.