10 Email Red Flags: Can you tell a scam email from the real one?

Malware and data breaches endanger businesses large and small, and email continues to be the most popular method of delivering malware.

Although email platforms are getting better at detecting potential attacks, it’s still important that you and your employees can distinguish between a harmful email and a real one. Harmful emails can be hard to spot and can fool almost anyone, so we’ve prepared a list of what to watch for.

1) Outlook warnings

Microsoft’s Outlook email client and similar mail services such as Exchange Online have built-in anti-spam and anti-malware protections. They warn you if opening a message could cause harm. If an email is flagged, be careful about opening it.

2) Unusual messages

Examine the language of the email’s subject line and body. Some emails invoke a sense of urgency or fear to trick you into clicking on them without thinking twice. Beware of subject lines that make outrageous claims. Verify the sender’s email address, or call the organization in question to confirm.

There are some things a reputable organization will not do or ask for via email. For instance, banks or the IRS will never ask you to settle a balance over email. Messages are typically for notification only.

Keep an eye out for grammar and spelling errors. If there are glaring mistakes or unfamiliar characters, it may have been constructed with an online translation service that international cybercriminals use to increase the reach of their email scams.

3) Common phishing tactics

A phishing email will lure you into giving away critical information such as login or credit card details by “spoofing” a trustworthy source, like your bank.

One method uses a subdomain to create a seemingly trustworthy domain. This is called typosquatting and is done by modifying the URL of a well-known company. Notice the difference between “bankofamerica.com” and “bankofamerica-secure.net.”

Another phishing tactic involves using legitimate forms or letters to make fraudulent emails look authentic. The IRS protects taxpayers from falling for these scam letters by providing information on notices and letters on their website.

If you do click on the link and are redirected to a new page, there’s a good chance you’ve entered a spoofed site. Even if the page looks authentic, never log in or add your personal information.

4) Files, weird URLs, and link shortenings

Don’t click on any links in an email without checking them. You can check their URLs by hovering over them with your cursor. Verify them. Do you recognize them? Or are they typosquatted?

Delete the email if you notice that it leads to a file or a weird URL comprised of random characters. Also, don’t trust any link that claims to be a known organization but uses link shortening services, such as bit.ly or goo.gl.
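
The link checks from items 3 and 4 can also be automated. The sketch below is an added example, not part of the original article: it flags link shorteners, lookalike domains, and visible link text that names a different domain than the real target. The `TRUSTED` list, the function names and the sample links are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "goo.gl"}   # the two services named in the article
TRUSTED = {"bankofamerica.com"}     # assumption: domains you really deal with

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_link(href, text):
    """Return the list of red flags for one link (empty list = nothing found)."""
    host = (urlsplit(href).hostname or "").lower()
    flags = []
    if host in SHORTENERS:
        flags.append("link shortener hides the real destination")
    brands = {d.split(".")[0] for d in TRUSTED}
    if not _is_trusted(host) and any(b in host for b in brands):
        flags.append("lookalike of a trusted domain")
    # Visible text that is itself a domain should match where the link goes.
    shown = (urlsplit(text if "//" in text else "//" + text).hostname or "").lower()
    if "." in shown and " " not in text and shown != host:
        flags.append("visible text shows a different domain than the link target")
    return flags

def scan_email_html(html):
    parser = _Links()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample links, not taken from a real email.
SAMPLE = ('<a href="https://bankofamerica-secure.net/login">www.bankofamerica.com</a>'
          '<a href="https://bit.ly/x1">Invoice</a>'
          '<a href="https://www.bankofamerica.com/help">Help</a>')
```

Calling `scan_email_html(SAMPLE)` returns two flags for the first link, one for the shortened link, and none for the genuine one. An empty result only means none of these three checks fired, not that the link is safe.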

5) Attachments

Any unexpected email from an organization telling you to download an attachment, especially if it comes with an exciting offer or a warning, is a red flag. Don’t download the attachment even if it seems to come from a trusted or familiar source.

Additionally, beware of the Business Email Compromise (BEC) scam wherein fraudsters impersonate a CEO or CFO to trick employees into wiring money.

6) Scare tactics

Be wary of emails that urge you to click on a link to verify an unauthorized transaction made under your name.

Cybercriminals usually prey on people’s worries with statements like “…or face litigation” or “you will be charged unless you act now” to catch you and your employees off guard. Reputable institutions or businesses will never ask you to do this. When in doubt, verify the source by contacting the offices of the institution or business.

7) You owe us money

You should also be wary of any email that claims you owe an organization money, even if it’s the IRS. No reputable institution will say this over email.

8) Dear Customers

Organizations normally address customers by their full names. If the email starts with “Dear customer” or a generic greeting, treat it with suspicion.

9) Nigerian Princes

Some emails are just too good to be true. Emails promising a great reward in exchange for some help or a small investment have been around since traditional mail. They have become so common online that they have taken on the moniker “Nigerian Prince” or “419” scam. Avoid these types of messages at all costs.

10) Call-to-action buttons

Not all call-to-action buttons are safe; sometimes scammers use them to redirect users to a malicious site or trick them into downloading malware. Make sure you know who an email is from and confirm whether you actually subscribed to that company’s newsletter. If you didn’t, the email could be a phishing attack.

Remember that the first line of defense is security awareness. But for extra protection, you’ll also need a more vigilant line of defense for your business, backed up by expertise in IT. Call Spectrumwise today to ensure total email protection.
