How to spot a bad email and avoid scams and phishing

Learn to spot the signs of a phishing or fake email


Email is one of the most common targets for hackers, malware, phishing and so on. Possibly the biggest security flaw is you, the user, so learn how to improve email security and safety.

Your email account is under attack from bad actors on the internet. They want to fool you with scams and infect your computer with malware or adware. They want to steal your login details for online accounts, services and stores, and they want to empty your bank account. Beware of bad emails and don’t get caught by phishing and scams with these tips and techniques.

Here’s what you need to know to avoid the worst on the internet.

Delete emails not addressed to you

Why would you receive an email that is not addressed to you? Phishing, scam and malware emails often begin with ‘Dear customer’, ‘Dear [email protected]’, ‘Dear client’ and similar general greetings. Not using your name is one of the easiest ways to recognise fake emails and it is a dead giveaway. Delete these emails.

If Apple, Amazon, PayPal, your bank and other places email you, they always include your name, so an email that does not use your name is very suspicious. There is a very small chance it could be legitimate, but it almost certainly isn’t.

Beware of emails asking you to perform an action

[Image: Phishing email with obvious fake parts highlighted. Caption: Fake emails have obvious errors and problems]

Phishing emails and those spreading malware often tell you to click a link or button and sign in as soon as possible. Sometimes a time limit is mentioned in the message and if you do not do what it asks immediately, your account will be suspended or something like that. Malware often asks you to open an email attachment. Spam asks you to click a link and so on.

Be very suspicious of any email that asks you to do something. Some legitimate emails do ask you to click something to perform an action, which can be confusing, but even if they do, you should avoid doing so if at all possible.

Badly written text signals warnings

That phishing email above is a typical example, and it contains numerous errors that a company the size and reputation of Apple would not allow. ‘Informations’ in the title should be ‘Information’; ‘your Apple ID temporarily disabled..’ should say is, has or will be; ‘this account is belongs to you…’ should not have ‘is’; and ‘Once you have update it…’ should say ‘updated’.

This would never get past Apple’s quality control, so even without the other highlighted items, the mistakes in the English/American are sufficient for you to recognise this as fake.

Email attachment safety

[Image: This attachment to an email may be malware. Beware. Caption: Invoices and receipts for things you did not buy are fake]

Bad emails, such as those that are spreading malware or attempting to steal information like login details, often have email attachments. If you do not know the sender of the message or if you are not expecting an email attachment, be very suspicious of it.

Quite often the message tells you to view the attachment, open it, click it and so on. Sometimes there is no message, just an attachment, usually with a filename that makes it sound like something you should open. A receipt for a purchase is common, even though you have made no purchases. It makes you curious and want to open it. Don’t!

If you are sure an attachment is safe and is from someone you know, like a friend, family member or co-worker, do not open it directly; save it to disk instead. This is so that antivirus software on the computer can check it.

Think very carefully before opening an email attachment. Sometimes other things tip you off that this is probably a fake email or malware.

Beware of clicking links in emails

[Image: A fake Netflix email phishing for your login details. Caption: Don’t click links or buttons in emails, they may be fake]

Phishing emails and other bad mail containing malware often contain links to fake websites with fake logins so they can steal your username and password. Links in emails can also take you to websites containing malware or begin a download containing malware.

If at all possible, do not click links in emails. For example, if an email seems like it is from a company you know and have an account with like PayPal, Amazon, Netflix, Apple or elsewhere, you can usually open a new browser window or tab, type the URL of the site and log in. There is no need to click the link in an email. Once logged in, you can check for notifications or messages.

Beware of scams and con tricks

[Image: Email offers that sound too good to be true may be fake or phishing. Caption: Beware of offers that seem too good to be true]

Emails not addressed to you and emails that require you to perform an action are just two ways to spot bad emails. Also use your common sense. If you get an email saying you have won the lottery, the odds of it being real are anything up to 100 million to one against, and even higher if you can’t remember buying a lottery ticket.

Requests to accept money from Nigerian princes who died and need to move money out of the country are still going around. Emails telling you to buy company shares because they will skyrocket in the next few days are also still used.

Use your common sense. You know the old saying, if it sounds too good to be true…

Increase security when using email at public Wi-Fi, hotels and other places by using a VPN to encrypt the internet connection.


Get another email account

Having a second email account is a great way to detect fake emails because often the fake will arrive at the wrong address. For example, if you use [email protected]… to log into your PayPal account and you get an email warning of a PayPal problem on [email protected]… then you instantly know it is a fake. That’s not the address you use.

Email services often let you create an email alias and this is an extra email address that you can use instead of your real one. Use it for signing up to email newsletters and other unimportant things. Use your real email address with things that matter, like online stores, banks, and so on.


Use email with antivirus scanning

Bad emails can contain malicious attachments like viruses, Trojans and other malware. Use an email service that automatically scans incoming emails for malware. For example, Gmail and Outlook will not let you download emails with malware. Does your email service check emails for malware?

Beware of unsubscribe links

This is a tricky one because all marketing emails must contain an unsubscribe link, so one is expected at the bottom of an email. Clicking it unsubscribes you from the email list.

However, bad emails and fake messages can contain fake unsubscribe links. Clicking them may take you to a site that has malware or a fake login to confirm your unsubscribe request.

Is the unsubscribe link real or fake? If the email has signs of being fake or bad, do not click the unsubscribe link. An email addressed ‘Dear customer’ is fake and probably the unsubscribe link is fake too.

Only unsubscribe if you are sure you signed up to the email newsletter or update, and the message contains information that leads you to believe it is real, such as including your name.

Too many email recipients


Fake emails, phishing and malware are sent to multiple email addresses and they are not targeting you specifically. You are just part of a bulk mailshot. A large number of recipients in an email is a strong indication that the message is fake or there is something wrong with it.

If the email has been sent to hundreds of other people, it is probably a bad one and should be avoided. For privacy and security reasons, bulk emails should use Bcc and not stuff all the email addresses in the To box.
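
The warning signs covered in this article (no name, an urgent request, an attachment, mail for a service arriving at an address you never gave that service, and a crowded To box) can also be checked automatically. The Python below is an added example, not part of the original article; the word lists, the threshold of 10 visible recipients, the names and the example.org addresses are all assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed tuning values for this sketch; the article gives no word lists or thresholds.
ACTION = re.compile(r"\b(click|sign in|log in|verify|confirm|open the attach\w+)\b", re.I)
DEADLINE = re.compile(r"\b(immediately|as soon as possible|within \d+ hours?|suspended)\b", re.I)
MAX_VISIBLE_RECIPIENTS = 10

def phishing_signs(raw, my_name, delivered_to, service_addresses):
    """Return the article's warning signs found in one raw email message.

    delivered_to is the mailbox the message arrived in; service_addresses maps
    a brand name to the address actually registered with that service."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    signs = []
    if my_name.lower() not in body.lower():
        signs.append("not addressed to you by name")
    if ACTION.search(body) and DEADLINE.search(body):
        signs.append("demands an urgent action")
    names = [a.get_filename() or "(unnamed)" for a in msg.iter_attachments()]
    if names:
        signs.append("attachment: " + ", ".join(names))
    for brand, registered in service_addresses.items():
        if brand.lower() in claimed and delivered_to.lower() != registered.lower():
            signs.append(f"{brand} mail sent to an address not used for {brand}")
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    if len(getaddresses(headers)) > MAX_VISIBLE_RECIPIENTS:
        signs.append("bulk recipient list in To/Cc")
    return signs

def sample_message():
    """Constructed sample (not a real message) that shows all five signs."""
    m = EmailMessage()
    m["From"] = "PayPal Support <support@paypal.example>"
    m["To"] = ", ".join(f"user{i}@example.org" for i in range(12))
    m["Subject"] = "Your PayPal receipt"
    m.set_content("Dear customer,\nClick the link and sign in immediately "
                  "or your account will be suspended.\n")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="receipt.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for sign in phishing_signs(sample_message(), "Alex", "alias@example.org",
                               {"PayPal": "main@example.org"}):
        print("-", sign)
```

A message that trips none of these checks is not proven safe; the checks only mirror the quick manual tests described above.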

