Can you spot an email or text message that is trying to “phish” your personal information or is otherwise a scam? When viewing a suspicious email, here are some key things to look at to help identify phishing/scam emails. Treat all email as guilty/scam until proven innocent/not-a-scam:
Subject – Look for bad grammar, misspellings, attempts to get you to act immediately, and emojis or excessive punctuation (!!!) used to entice you to read the email.
“From” – Does the email address match the sender? For example, we’ve seen lots of emails from “McAfee”, but the email address shown is a random @gmail.com address. However, the address an email appears to come from should not be your only test of whether the email is real, since an email address is easily spoofed.
“To” and greeting – Is the email addressed to your email address and name, or to “undisclosed recipients” and “Dear user”? A company that you already do business with will send an email addressed to your email address and name.
Grammar – Treat every email that’s trying to get you to react as suspicious. Slowly read the email as if you’re a teacher grading a student’s English paper.
Punctuation – Look for words that should/should not be capitalized, periods and commas in the wrong place, spaces that should/should not exist, and excessive punctuation.
Fonts – Phishing/scam emails often overuse bold and colored fonts, and different typefaces.
Look for clues that the email writer’s native language/country is not English/U.S. – Are dates formatted as the U.S. Month/Day/Year, or as Day/Month/Year? Do phone numbers begin with “+1”? Country code prefixes are often used outside of North America.
A sense of urgency for immediate action – “Must respond within 24 hours or else…”
A scare tactic – Look for threats such as “… result in loss of important information” or “we’ll be forced to terminate/charge your account.”
Personal/private information – A company that you do business with already knows your email address, name, password, etc. Unless you are logging into your account on their official website, they would not ask you to enter it into an email or web form and send it back to them.
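The checks in the list above can also be run automatically over a raw message. The following Python function is an added example, not part of the original article; the sample message, the brand-to-domain table and the clue names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); addresses and number are made up.
SAMPLE = """\
From: "McAfee" <billing.team4471@gmail.com>
To: undisclosed-recipients:;
Subject: URGENT!!! Your subscription Expires today

Dear user,

You must respond within 24 hours or else we'll be forced to charge your account.
Call +1 (000) 555-0100 to cancel.
"""

# Assumption: a small table of brands and the domains they really send from.
BRAND_DOMAINS = {"mcafee": {"mcafee.com"}, "paypal": {"paypal.com"}}
URGENCY = re.compile(
    r"within \d+ hours|immediately|or else|forced to (terminate|charge)", re.I)
GENERIC_GREETING = re.compile(r"^dear\s*(user|customer)?\s*,", re.I | re.M)

def phishing_clues(raw):
    """Return the checklist clues found in a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    subject, body = msg.get("Subject", ""), msg.get_payload()
    clues = []
    # "From": display name claims a brand, but the address is on another domain.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, good in BRAND_DOMAINS.items():
        ok = any(domain == d or domain.endswith("." + d) for d in good)
        if brand in name.lower() and not ok:
            clues.append("from-mismatch")
    # "To" and greeting: not addressed to a named person.
    if "undisclosed" in msg.get("To", "").lower():
        clues.append("undisclosed-recipients")
    if GENERIC_GREETING.search(body):
        clues.append("generic-greeting")
    # Subject punctuation, urgency/scare wording, "+1" phone prefix.
    if re.search(r"[!?]{2,}", subject):
        clues.append("excessive-punctuation")
    if URGENCY.search(subject + "\n" + body):
        clues.append("urgency-or-threat")
    if re.search(r"\+1[\s(-]", body):
        clues.append("plus-one-prefix")
    return clues
```

An empty result does not prove a message is genuine: as noted above, the “From” address is easily spoofed, so these clues only raise suspicion.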
Please review the screenshots below of emails received and forwarded to us by our clients. Can you spot all of the clues that each one is a phishing/scam email? Answers are given below each screenshot.
In this 2024 email targeting Spectrum account holders, the name displays “MyAccount@bill.spectr…“, but the email address is not from a Spectrum address. Furthermore, capitalization errors and threats to restrict service are other clues that it’s a scam/phishing email.
In this example note the non-AT&T email address, spaces after sentences and before the period, threats to charge your checking account if you don’t call immediately, and the “+1” country code prefix.
This phishing email appears to be sent from a private email address. Also note the date format is not standard, and the weird capitalization in “MailBox”.
Bad grammar and a name similar to a real US company give away the fact that this is a fake invoice designed to get you to call the number shown. Also notice that the email is not personalized – the greeting is just “Dear,”.
If you don’t recall signing up for a service – you likely didn’t. In this example of a fake invoice, scammers are hoping that you will call them to “cancel” the service – then try to convince you that they need remote access to your computer and bank account to deposit the “refund”. If in doubt about a charge to your account, contact your bank or credit card company first to confirm a transaction.
If you were to click the “Verify now” button in this email, you would likely be taken to an Amazon lookalike site asking you to enter private login information. Note the run-on sentence, bad grammar and non-capitalization of “amazon”. Halo.
Notice the large print for a number to call about the supposed transaction. But the capitalization errors and being sent from a private email address should help you recognize that this email is fake.
The real Microsoft would address you by your name rather than “Dear Customer”. Also, why does the first phone number contain a dash – after the 1, while the second one doesn’t? It’s because scammers usually aren’t very detail oriented, nor good at writing the English language.
The email above came from a valid email address at PayPal. In the “Seller note to customer” notice that there is a space in the dollar amount, grammar and punctuation errors, and the “+1” phone number typically used when calling from overseas. If you receive an email from PayPal, Intuit/QuickBooks or other business with a message about money that is due or has been charged THAT YOU DO NOT RECOGNIZE – DO NOT CALL the number provided in the message.
Notice the improper capitalization of “Purchase of Digital Assets”, and grammar errors. Similar to the previous email from PayPal, you should never call a phone number provided in a “note from” a sender of a request for money that you do not recognize.
This cell phone text message may appear to be from “VZN”, but official SMS correspondence from a business usually comes from a number that’s NOT your typical 10- or 11-digit private phone number. Bad grammar, an extra space and a capitalization error, along with a strange website address, are clues NOT to click on this.
Again, your bank will typically send a text message from a 5 or 6 digit “short code”. In this case it’s best to verify by calling your financial institution at the phone number located on a statement or debit/credit card.
This text message came from an email address rather than a text message short code. Note the word “netflix” in the link, meant to distract you from the fact that the link would really take you to a page on [onlinehome.us].