How to Identify Scam Emails

Phishing emails often will try to impersonate another person or organization. Hackers will use email spoofing to create a fake email that looks legitimate.

In this example, the visible alias is "Byu Admin". When looking at the actual address, it is coming from "connect@zee.shopping"; we can see the email is obviously not legitimate. If you ever see an email or link that sticks out, you should always check the actual address by hovering your mouse over the sender name.

The goal of phishing is to steal information or deliver malware. To get you hooked, attackers will often include "click-baity" subject lines that make you want to open the email and follow the instructions. These subject lines can include words such as alert, malware, required, immediate, out of date, delayed, updated, confidential, attention, unusual, and more!

Subject lines may also be crafted to make you trust them. Many phishers will include titles such as "Your ticket #192837547", making you believe that they are contacting you about a ticket that you, or someone in your organization, already created. If you didn't create that specific ticket, talk with others to see if they did. If no one knows about it, it's likely a scam.

Always ask yourself, "What do they want me to do?" If you can recognize the purpose of the email being sent, you will better be able to evaluate the validity of the sender and legitimacy of the email.

If they want you to log into a site, is the site legitimate? If they're sending a fake invoice, did you pay for that service? If you received an email about a support ticket, did you file that ticket? Taking a step back to analyze WHY the email was sent can help you analyze it more accurately.

The power of intuition is unmatched - if an email seems "weird" or "off", trust your gut! Did you get an email from a friend asking for money, but it just "doesn't seem like them"? It may not be! The best thing to do in that case is reach out to the friend NOT through email and verify that they sent you the message. You can never be too cautious when it comes to email security.

Knowing where a link will send you is very important, and you should always check to see what the link goes to before clicking on it. Hovering over a link should show the URL in the bottom left corner of your browser.

Does it look funny, like trgflu.xyz? Probably bad! Does it seem close to a legitimate site, but not quite (like http://wwwgoogle.com?) Don't click on it! Can you only see a short URL like bit.ly? Use a service like expandurl.net to see where it ACTUALLY goes and if it is safe.

Many times when we think of scam emails, we think of bad grammar, broken images, weird characters, horrible formatting, etc. Those are prime examples of bad phishing emails. However, not all phishing emails appear that way. Someone who really knows what they're doing will be able to craft a good phishing email that has perfect grammar, great formatting, and a legitimate feel. You need to be on alert for these ones also, since they are the more dangerous ones. The above points of interest apply to these good scam emails also, so please pay attention!