Recognizing Spam and Phishing Emails

Spammers are becoming more and more sophisticated. Some spam emails are more dangerous than others: they can steal your contacts or install software without your knowledge, which can in turn steal your saved passwords, bookmarks, browsing history, keystrokes, etc.

You have to be very careful before clicking any links or downloading any files.

How to Tell If an Email is Spam

1) If It Ends Up In Your Spam Folder: Sometimes emails from certain websites end up in the spam folder. You must deal with those on a case-by-case basis to determine whether or not they are legitimate.

2) Look at the Email Address: Always check the sender’s email address, even when the message displays the sender’s name. Ensure you know and trust the sender before opening an email. Since you can see who the sender is from your inbox list without having to open the message, you can decide if a message is spam by simply looking at the sender’s email address. Some spam and phishing scams will pretend to be major companies, so you can’t assume that an email from “Amazon” is guaranteed to be non-spam. If the message was sent from a website that you don’t recognize or an email address from someone you don’t know, chances are the message is spam.

In rare cases, spammers control other people’s accounts, meaning you may get emails from “friends or colleagues” who have been hacked. Checking the sender is the first, not the only, step you should take. If the sender’s address has a bunch of numbers or a domain you don’t recognize (the part after the “@”), then the email is likely spam.

3) Look at the Content: Keep an eye out for emails that say you need to do something right at that second or within a certain number of hours. Also, be wary of any emails that include links. Most companies tell you what to do, but they never direct you to where to do it with a link. If there is a problem, the company will tell you when you log on to your account. Grammatical and spelling errors within the body of an email are good signs that it’s spam.

4) Asking for Personal Information: Most institutions you deal with come right out and say they are never going to ask for personal information in an email. They don’t need to ask you for your personal information anyway because they usually have it on hand. So, if you get an email that asks you for any personal information, no matter how legitimate it might seem, delete it right away. This includes any emails from Microsoft or O365. Personal information is only meant to be entered in secure, encrypted forms, not emails where anyone and everyone can get their hands on your information.

5) Look at the Greeting: When you receive a genuine email, the sender addresses you directly, using either your first or last name. If you receive an email where they refer to you as a Valued Customer or as a member of some company, it’s spam. Senders of your genuine emails want to get your attention, so they always address you directly.

6) Hover over any links in the email to see if they match their supposed destination: For example, hover your mouse over a link that is labeled Revenue. Don’t click; instead, look at the bottom-left corner of your screen, where a different URL (one for Ryanair) shows up instead of Revenue. Spammers use this trick all the time to bring you to dangerous sites. Do not click if the address is a set of numbers; most reputable companies will use words instead of numerals.

In the video below, former CIA officer Jason Hanson shows you how to check a URL by looking at it without clicking it.

7) Never open or download attachments unless you know what they are: If you don’t know the sender, can’t trust a link, or otherwise feel like an email may be spam, do not open any attachments.
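The hover check from step 6 can also be done on the raw HTML of a message without opening it in a browser. The following is an added example, not part of the original article: it lists the real host behind every link and flags numeric addresses and link text that shows a different host. The function names, flag strings and sample domains are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

class LinkCollector(HTMLParser):  # gathers (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Host of a URL or URL-looking text, without a leading 'www.'."""
    value = value.strip()
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:
        return ""
    return (host or "").removeprefix("www.")

def audit_links(html):
    """Per link: (text, real host, flags); text is compared only if it looks like a host."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        real, flags = host_of(href), []
        try:
            ipaddress.ip_address(real)
            flags.append("numeric-address")
        except ValueError:
            pass
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != real and not real.endswith("." + shown):
            flags.append("text-shows-" + shown)
        report.append((text, real, flags))
    return report

# Constructed sample body; every host and address is a placeholder.
SAMPLE_HTML = ('<a href="https://booking.airline.example/login">www.revenue.example</a>'
               '<a href="http://192.0.2.10/verify">Confirm your details</a>'
               '<a href="https://www.revenue.example/help">revenue.example</a>')
```

A link whose text is a plain word, such as "Revenue", carries no host to compare against, so the report still has to be read by a person: the second column is the destination the link really leads to.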

Most email services have an anti-spam feature that filters suspicious messages and diverts them to a specific folder in your email account labeled “Spam” or “Junk.” If the mail server detects a message to be spam, it separates it from your other messages into the Spam folder, away from your inbox. This is the first and most obvious sign of a spam email.

Why Am I Getting Spam From My Own Email Address?

Random spam emails probably don’t have much success, so the blackmailers have been trying to personalise their attacks in various ways. The most common ones are email spoofing, including a password, or part of a phone number.

Most email services have no way of authenticating the From: and Reply-To: fields in email messages, so spammers can fill these fields with anything they like. Your attacker simply made the From: address the same as the To: address, so it looked as though you had sent the email yourself.
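The header tricks described here and in step 2 of the checklist can be checked mechanically on a raw message. The following is an added example, not part of the original article: it flags a From: address that equals the To: address, a Reply-To: on another domain, a display name that does not match the sending domain, and digit-heavy addresses. The `KNOWN_SENDERS` map, the warning strings and the digit threshold are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: a map you maintain of sender names to the domains they really use.
KNOWN_SENDERS = {"amazon": ("amazon.com",)}

def domain_of(address):
    return address.rpartition("@")[2].lower()

def header_warnings(raw, known=KNOWN_SENDERS, max_digits=3):
    """Return warning codes for a raw message's From/To/Reply-To headers."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    sender, warnings = sender.lower(), []
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if sender and sender in recipients:
        warnings.append("from-equals-to")          # "you sent this to yourself"
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and domain_of(reply) != domain_of(sender):
        warnings.append("reply-to-elsewhere")      # replies leave the From domain
    for brand, domains in known.items():
        claimed = brand in name.lower()
        genuine = any(domain_of(sender) == d or domain_of(sender).endswith("." + d)
                      for d in domains)
        if claimed and not genuine:
            warnings.append("name-not-matching-domain")
    if sum(ch.isdigit() for ch in sender.partition("@")[0]) > max_digits:
        warnings.append("digits-in-address")       # threshold is an assumption
    return warnings

# Constructed sample messages for the illustration.
SELF_SPOOF = ("From: you@mail.example\nTo: you@mail.example\n"
              "Reply-To: collect@other.example\nSubject: I have your password\n\nPay.")
FAKE_BRAND = ('From: "Amazon Support" <acct8841923@cheap-host.example>\n'
              "To: you@mail.example\nSubject: Verify now\n\nClick.")
GENUINE = ('From: "Amazon" <order-update@amazon.com>\n'
           "To: you@mail.example\nSubject: Your order\n\nThanks.")
```

An empty result only means none of these header tricks was used; as noted above, a message from a hacked account passes all of them.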

Scammers send you emails that appear to come from your address for one of two reasons, generally. The first is in the hopes they will bypass your spam protection. If you send yourself an email, you’re likely trying to remember something important and wouldn’t want that message labeled as Spam. So, scammers hope that by using your address, your spam filters won’t notice, and their message will go through.

The second reason scammers spoof your email address is to gain a sense of legitimacy. It’s not uncommon for a spoofed email to claim your account is compromised. That “you sent yourself this email” serves as proof of the “hacker’s” access. They might also include a password or phone number pulled from a breached database as further proof.

The scammer usually then claims to have compromising information about you or pictures taken from your webcam. He then threatens to release the data to your closest contacts unless you pay a ransom. It sounds believable at first; after all, they seem to have access to your email account. But that’s the point—the scammer is faking evidence.

The best way to deal with phishing and other spam emails is to delete them on sight. Don’t open them, don’t reply to them, don’t open any documents that may be attached to them, don’t click any links in them, don’t enter any information into websites fetched by those links, and definitely don’t send them any money.

Many of these emails will include a transparent, single-pixel image, known as a beacon. When you open the email, it fetches the tiny image.gif file from a remote server, so the spammers know they’ve hit a live, working email address.
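To see whether a message carries such a beacon before it is rendered, the HTML body can be scanned for remotely hosted images sized at one pixel or less. The following is an added example, not part of the original article; the class and function names and the sample hosts are assumptions.

```python
from html.parser import HTMLParser
import re

TINY = re.compile(r"\s*[01](px)?\s*")          # a size of 0 or 1 pixel
SIZE_IN_STYLE = re.compile(r"(?<![-\w])(width|height)\s*:\s*([^;]+)")

class BeaconFinder(HTMLParser):
    """Collect remotely hosted <img> URLs that are sized to be invisible."""
    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {k: (v or "").strip() for k, v in attrs}
        src = attr.get("src", "")
        # cid: and data: images travel inside the message; only remote
        # URLs make the mail client contact the sender's server.
        if not src.lower().startswith(("http://", "https://", "//")):
            return
        style = dict(SIZE_IN_STYLE.findall(attr.get("style", "").lower()))
        width = attr.get("width") or style.get("width", "")
        height = attr.get("height") or style.get("height", "")
        if TINY.fullmatch(width) and TINY.fullmatch(height):
            self.beacons.append(src)

def find_beacons(html):
    """Return the URLs a mail client would fetch for pixel-sized images."""
    finder = BeaconFinder()
    finder.feed(html)
    return finder.beacons

# Constructed sample body; all hosts and the id value are placeholders.
SAMPLE_HTML = """
<img src="https://cdn.shop.example/logo.png" width="200" height="50">
<img src="http://track.mailer.example/image.gif?id=abc123" width="1" height="1">
<img src="https://t.mailer.example/o.gif" style="width:1px; height:1px">
<img src="cid:spacer" width="1" height="1">
"""
```

Mail clients that block remote images by default prevent this fetch, which is why opening a message with images disabled does not confirm your address to the sender.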

Also, bear in mind that spam and phishing emails may include attempts to infect your computer with malware. This is why you should keep your anti-virus software and operating system up to date.