There are numerous ways to spot a fake email. The list below is not exhaustive but covers the most common types of phishing attempts.

The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal department.

You didn’t initiate the action

If you receive an email message informing you that you have won a contest you did not enter, or that you have won the lottery when you never bought a ticket, you can bet that the message is a scam.

The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

The message contains a mismatched URL

Check the integrity of any embedded URLs. Often the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

The message appears to be from a government agency

Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they’ll send messages claiming to have come from a law enforcement agency, HMRC or just about any other entity that might scare the average law-abiding citizen.

You’re asked to send money to cover expenses

One telltale sign of a phishing email is that you will eventually be asked for money. You might not get asked for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name info.urbannetwork.co.uk would be a child domain of urbannetwork.co.uk because urbannetwork.co.uk appears at the end of the full domain name (on the right-hand side). Conversely, urbannetwork.co.uk.maliciousdomain.com would clearly not have originated from urbannetwork.co.uk because the reference to urbannetwork.co.uk is on the left side of the domain name.

We have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.

Alternatively, the scam email may use a domain name that is very similar to the authentic domain name, such as “urbannetwork.co”.

The message makes unrealistic threats

Although most phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam.