Skip to main content

How to Identify Scam Emails

Consequences of Failing to Identify Scams

  • Viruses can be downloaded onto your computer
  • Login credentials to any site can be stolen
  • Banking information and other personal information sent to an attacker
  • Your identity stolen

Goals of Scammers

These are what the bad guys want you to do, so these are things you shouldn't do until you know the email is legitimate:

  • Click on a link
  • Download or open an attachment
  • Respond to the email with sensitive information including username, password, banking details, or other personal info
  • Call a number for support

Note - as long as your browser (Chrome, Firefox, etc.) and email client (Outlook, Thunderbird, etc.) are updated, it's safe to open an email and inspect the contents.


In the section below, guidelines to identify scam/spam/phishing emails are listed. Here are the example we will base our guidelines on:

Scam Email 1

Example 1 (marked areas are red flags)

Scam email 2

Example 2 (marked areas are red flags)

Pic 3

Example 3 (marked areas are red flags)

How to Identify Scam Emails

  • Sender's address
  • Subject line
  • Grammatical mistakes
  • Broken images/awful design
  • Lack of personal information
  • Email contents
  • Sender signature

Sender’s Address

Phishing emails often will try to impersonate another person or organization. Hackers will use email spoofing to create a fake email that looks legitimate.

In this example, the visible alias is "Byu Admin". When looking at the actual address, it is coming from ""; we can see the email is obviously not legitimate. If you ever see an email or link that sticks out, you should always check the actual address by hovering your mouse over the email before you open it.

Subject Line

The goal of phishing is to steal information or deliver malware. To get you hooked, attackers will often include "click-baity" subject lines that make you want to open the email and follow the instructions. These subject lines can include words such as alert, malware, required, immediate, out of date, delayed, updated, confidential, attention, unusual, and more!

Subject lines may also be crafted to make you trust them. Many phishers will include titles such as "Your ticket #192837547", making you believe that they are contacting you about a ticket that you, or someone in your organization, already created. If you didn't create that specific ticket, talk with others to see if they did. If no one knows about it, it's likely a scam.

Grammatical Mistakes

While not necessarily a sure sign that the email is fake, lots of grammatical errors should raise red flags when trying to determine if an email is legitimate or not. Common grammatical mistakes include:

  • Spelling errors (ie "atteniton" instead of "attention")
  • Inconsistent capitalization (ie "Paypal" instead of "PayPal")
  • Punctuation (ie forgetting periods or apostrophes, too many commas)
  • Lots of contractions (ie "You've" instead of "You have")
  • Broken/incomplete sentences (ie "Please fill these form for your help")

Broken Images/Awful Design

Broken images are often intentionally placed in scam emails to convince you to click on them - please do not do so. Professional companies hardly ever include images that won't render properly.

Perhaps even more of a sign of a fake email, emails that look like they were designed by a 3rd grader are common. These include lack of spacing between elements, pictures too close to text, lack of colors, inconsistent spacing, odd symbols, etc.

Lack of Personal Information

Email Contents

Sender Signature

Email Contents

Starting at the top of the email contents we can see a broken image followed by some ugly blue letters trying to notify you.
One reason this image could be broken is to try your curiosity so that you will click on it. Doing so could harm your PC and allow the hacker to steal your personal information.

Below the images we have a very poorly written, unprofessional group of body text followed by a button.
The first line contains Danny's name formatted strangely, this seems to be taken directly from his email "". This is followed by a contraction "You've". Contractions should never be used in professional emails as they are considered casual. The remainder of the message includes poor grammar, such as "contains".

A button designed to try and harm you and your computer is included followed by a red "Note" to try and insure you the button is safe. These buttons should never be clicked on.

Most emails that look and feel like this will be picked up by Outlook or Gmail. There will often times be a banner warning you to not download or click on any of the included contents. These emails should be deleted and if there is an option reported to the email service.

Unless you have clicked on these emails and feel your PC has been infected, these emails do not need to be reported to LSIT.

Protecting yourself from phishing 

To finish this article a few suggestions have been included below to help in avoiding phishing emails:

  • Hover over links:  Always hover over the URL in an email to ensure it leads to a safe landing page.
  • Don’t log in to critical apps from email: Any notification sent via email will also exist inside the application.
  • Invest in phishing email awareness training: Users should be trained on a regular basis to spot the latest attacks and techniques.

[Activity] You can try taking the Phishing IQ Test as a fun activity to test yourself. This site is safe to enter your name and work email. The test will be 10 yes or no questions.