We all get our share of spam. Some more than others. But how do we differentiate between simple commercial spam and the types of emails that want to get us in trouble?
The unsolicited commercial spam email is generally easy to recognize, report, and discard, but what about more dangerous types of spam? How can you determine if an email contains a malicious link or attachment, or is trying to scam you out of money or your personal information?
Five red flags for spotting malicious emails
Before we jump into determining what to do with a malicious email, there are a few general tricks users should learn to spot red flags for malicious activity. They are as follows:
1. The sender address isn’t correct.
Check if this address matches the name of the sender and whether the domain of the company is correct. To see this, you have to make sure your email client displays the sender’s email address and not just their display name. Sometimes you need to train hawk eyes at the address, since spammers have some convincing tricks up their sleeve. For example:
In this example sender’s address, the email domain does not match the actual bank’s domain, which is santander.co.uk.
2. The sender doesn’t seem to know the addressee.
Is the recipient name spelled out in the email, and are you being addressed as you would expect from the sender? Does the signature match how this sender would usually sign their mails to you? Your bank usually does not address you in generic ways like “Dear customer.” If the email is legit and clearly intended for you, then they will use your full name.
3. Embedded links have weird URLs.
Always hover first over the links in the email. Do not click immediately. Does the destination URL match the destination site you would expect? (Once again, train those eagle eyes.) Will it download a file? Are they using a link shortening service? When in doubt, if you have a shortcut to the site of the company sending you the email, use that method instead of clicking the link in the email.
When I hover over “Apply Now,” does that link look like something VISA would use?
4. The language, spelling, and grammar are “off.”
Is the email full of spelling errors, or does it look like someone used an online translation service to translate the mail to your language?
5. The content is bizarre or unbelievable.
If it is too good to be true, it probably isn’t true. People with lost relatives that leave you huge estates or suitcases full of dollars in some far-away country are not as common as these scammers would have us believe. You can recognize when email spam is trying to phish for money by its promises to deliver great gain in return for a small investment. For historical reasons, we call this type of spam “Nigerian prince” or “419” spam.