• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » secure email » 5 Ways to Spot a Fake Email

5 Ways to Spot a Fake Email

2019-01-15 by Michelle Dvorak

Ways to Spot a Fake Email

5 Ways to Spot a Fake Email

Fake emails, many of which are phishing emails, can be spotted by looking at the technical attributes in the email along with a careful inspection of the content. A fake email is one that is not from the sender it appears to be. The goals of a fake email are to trick the user into clicking on a link that sends them to a spoof website, convince the recipient to transfer money, or encouraging them to give personally identifying information such as login credentials. Fake emails are also known as phishing emails when the sender is trying to obtain more information from the recipient. In a phishing email, the sender is seeking, or fishing for, more information. Most of the time the hacker is phishing for financial information or usernames and passwords to an account.

One way to detect and automatically control fake, phishing, and spam emails is with a good quality antivirus software or email service. An email service can be set up to detect emails from servers used by spammers as well as malicious email addresses. An antivirus app can protect your devices in the event are fooled by a fake email and click on a link.

Fortunately, many fake emails can be detected by the recipient if the reader takes some time to examine the email before opening it, before downloading images or clicking on any content. There are a few reliable ways to spot a fake email.

Below is an example of a fake that I received last week. These fake American Express emails seem to come to me in waves. I will receive three or four a few days apart. I always forward them to Amex’s spoof email box, so they can work on mitigating the phishing attack. I have received three in this round, so far. Below is a screenshot of the first one. At a glance the email appears to be legitimate, I’ll show you how I spotted the telltale signs in this fake email.

Fake Email Amex
Fake Email Amex
  1. The Sender’s Email Address Does Not Match
    Look at the sending, or the “from”, email address. If it does not match the corporate email address or website, then this email is spam. I know that all emails from American Express come from a certain domain name, aexp.com. I already knew this was spam because the from address (mo-reply.AMEX@up.edu) did not match amex.com or americanexpress.com. If the actual sending email address does not end in that, then it is spam.

    Do not confuse the actual sending email with the friendly email name. In this case, the friendly sending address (mo-reply.AMEX@up.edu) matches the real sending address exactly. It is easy to spoof the friendly name of the sender. That can be different from the real email address used to send the email. If you want to learn more about the differences between friendly and actual sending email address, check out our email phishing field guide.

  2. Look for misspellings, typos, grammatical errors in Fake Emails
    There are is one spelling error and one grammatical error in my fake email. Thank the spell checker for helping me spot the typos.
  3. Links do not match the sender’s domain name
    Look at the shortened link in image two, the link is shortened to hide the fact that should the reader click on the link, it is not linking to a legitimate American Express website.

     This technical merit can be a bit tricky with a retailer’s email campaign. For e-commerce businesses, this is a common, and legitimate tactic. Email opens, and clicks are tracked this way. Although this is not a completely damning sign of a phishing email, it certainly is a cause for concern and warrants scrutiny for the rest of the email content. More inspection is needed.

  4. Greetings
    Legitimate emails from your bank, a friend, or a business you deal with usually address you by name. The fake email does not. In addition to not addressing me by my name (as Amex always does), I know from talking to the fraud department at Amex, that there are other technical elements in their emails that Amex will always use. It helps with fraud detection.

     The easiest thing to look for is they always use the last digits of my card number in the email. That identifier, Amex assures me, is the quickest way to detect a fake email that claims to be from American Express. No fraudulent email so far has included the digits.

Fake Email Content
Fake Email Content
  1. The Email Content is Intimidating or Threatening
    The scary-sounding nature of the content email (above) is also a big clue that this is a fake email. It states, “We notice some suspicious activities on your online banking and are putting a hold on your account.” First of all, I don’t do any online banking with American Express. Second, if there was some suspicious activity, they would have texted or called me. The hackers who wrote this did not use the correct conjugation of the word “notice.” It should be noticed. Furthermore, the word “Important” in the subject line is spelled incorrectly.

No financial institution, credit card, or any other account should ever ask you to respond to the email with any sort of credentials – from passwords to bank accounts numbers – do not ever email sensitive information.

When in doubt ignore the email and go straight to the website you know to be legitimate. Log in there. You can always call customer service to see if the email was indeed sent by that organization.

Filed Under: secure email Tagged With: phishing, tutorial

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version