Fraud Prevention

How to Spot a Fake Email

Those hackers.

They’re always coming up with a new way to bilk you out of your money. And it’s not just money they’re after. Sometimes they want your personal information too. Or for you to click on a link that infects your computer with spyware.

Fortunately, there are some simple ways to tell if an email is real. In most cases, spotting phony email messages requires only common sense. But some things might surprise you. All the following tips are geared toward keeping you safe and your bank account free of hackers.

Spotting Scam Emails


  1. Check the address: If a message is allegedly from PayPal, make sure the email actually comes from PayPal’s domain. It’s as simple as looking at the name after the @ sign. It should only say  Be careful though. Hackers have gotten clever over the years. Sometimes, at a quick glance, an email might look legit. So be especially careful of email addresses like: @paypal1 or @paypalservice or @.paypal. If there’s ever any doubt about an email you receive, visit the website in question and check out the “avoid scams” link. Most big corporations offer their consumers tips on how to spot a fake.
  1. Follow the dots: Use your common sense. If you receive an email from an American conglomerate, but you’re being contacted by an out-of-country server, something isn’t right. Look for instead of a .com email address. Not .uk (United Kingdom) or .hu (Hungary) or .id (Indonesia). Government agencies use .gov. Charitable organizations use .org. Hover your mouse over the email address in question and take a good look at what it’s telling you. Here’s a list of domains and their country codes.

  2. It’s all in a name:  Businesses know your name, so if you’re getting an email addressed to “Dear Customer” that’s a big red flag. Make sure the email is addressed to you, personally, not a generic greeting that could be sent in a mass mailing.

  1. Know your ABCs:  The sad truth is most fake email messages originate from non-Western countries. That means English isn’t their first language — and it shows. If you’re seeing a lot of spelling errors, bad grammar or punctuation errors, chances are the email is part of a scam attempt. Sometimes the language being used is a big red flag, too. It’s highly unlikely that a government agency would end their email with, “God bless you.”


  1. Just (don’t) click it: Anytime you get an email from a company that asks you to “click here,” whether that click is supposed to take you to your account, a web site, or a so-called invoice, don’t do it. Never, ever click on a link, even if you’re reasonably certain the email is real. Instead, load the real web site first, then check for communications. When in doubt, go directly to the source. Don’t rely on links.

  1. No logo means no-go-go: Big corporations love their logos. You’ll rarely get a communication from a corporation that doesn’t include one. Be wary of emails that contain text only. Most corporate communications resemble a company’s letterhead. If the email does include a logo, it won’t be a grainy, poor reproduction.

  1. Hurry, hurry, hurry: If you’re being told something is urgent, or that you need to hurry, or that you must respond immediately, don’t believe it. The sense of urgency is meant to make you panic. To make you click a phony link. To fool you into believing you must take care of some urgent matter before it’s too late. Such tactics are designed to make you act without taking time to think. Slow down. Do your research. Don’t fall for the pressure sale.

  1. (Un)Friendly request:  If an email is soliciting money, and that money is supposedly for a good friend, then the email should come from that good friend. These days people can email from their phones, a plane, and from a foreign country. There’s no reason for some stranger to contact you, and especially not someone with poor grammar, who can’t spell your name, and who’s telling you that you must respond quickly. Don’t believe everything you read.


  1. If it sounds too good to be true… The truth is your computer might already be infected with spyware. That spyware might be telling scammers which web sites you visit. They know if they send you an email from a site you frequently visit, one that’s a fair replica of the original site, there’s a good chance they’ll get you to take the bait. Hackers want your password and your log-in information. So if your favorite web site suddenly teases you with a “free coupon” or a “rebate” or some other enticing treat, be wary and don’t log in. Always be a skeptic.

  1. Google is your friend:  Most email scams have been around the block a time or two. If you suspect a scam, it’s worth a quick online search to see if a suspicious email scam has been reported. Try copying and pasting the header of your suspicious email. You’d be surprised how many hits you’ll get.

  1. Do some “Snoping”: Sites like Snopes house pages and pages that expose fake Internet scams in the “computer” section. Some of the scams probably sound familiar (UPS/Fed Ex/DHL/USPS Delivery Failure, anyone?). Be informed. Stay abreast of the latest swindle.

  1. Don’t click! Perhaps the most important lesson of all is to resist the click. It’s tempting, especially when the email passes a preliminary sniff test, but some fake emails are hard to spot. Resist the temptation. Don’t click unless you know it’s legit. Instead, close the email in question, or better yet, don’t even open it, and then use your own bookmarks to visit a site you do business with to check out whether the message is actually legit.
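The "Check the address" and "Follow the dots" tips can be automated for a mailbox you look after. The sketch below is an added example, not part of the original article: the function names are hypothetical, the sample headers are constructed, and paypal.com is assumed to be the domain the real company sends from.

```python
from email.utils import parseaddr

def sender_domain(from_header):
    """Domain after the @ in a From header, lowercased; '' if no address."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header, expected):
    """Compare the sender's domain with the domain the company really uses.

    Assumption: `expected` is a two-label domain such as "paypal.com".
    """
    domain = sender_domain(from_header)
    expected = expected.lower()
    brand, _, tld = expected.partition(".")
    if not domain:
        return "unparseable"
    # Exact domain, or a genuine subdomain of it (mail.paypal.com).
    if domain == expected or domain.endswith("." + expected):
        return "match"
    labels = domain.split(".")
    # Same name, different ending (.hu, .id, ...): the "follow the dots" tip.
    if labels[-2:-1] == [brand] and labels[-1] != tld:
        return "wrong-tld"
    # Brand buried in another name: paypal1, paypalservice, or paypal.com
    # used as a prefix of someone else's domain.
    if brand in domain:
        return "lookalike"
    # The display name may say PayPal, but the address has nothing to do with it.
    return "unrelated"

# Constructed sample From headers (not taken from real messages).
SAMPLES = [
    "PayPal <service@paypal.com>",
    "PayPal <notice@mail.paypal.com>",
    "PayPal <service@paypal1.com>",
    '"PayPal Support" <billing@paypalservice.com>',
    "PayPal <service@paypal.hu>",
    "PayPal <service@paypal.com.account-check.example>",
    "PayPal <support@mail-secure.example>",
]

def review(samples=SAMPLES, expected="paypal.com"):
    """Map each sample header to its verdict."""
    return {header: classify_sender(header, expected) for header in samples}

if __name__ == "__main__":
    for header, verdict in review().items():
        print(f"{verdict:12} {header}")
```

Anything other than "match" deserves the manual checks from the list above; a "match" only says the address looks right, since the From line itself can be forged.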

Staying Safe

Remember, the simple act of opening an email is a signal that there’s a potential victim on the other side. That might be all a scammer wants – to harvest your email address (be wary of too-good-to-be-true Craigslist ads for this reason, too), so don’t click unless you know it’s legit.

If you realize after you’ve clicked a link that something doesn’t look right, close your browser immediately. Use your bookmarks to log in to the real site and then change your password immediately. You might need to scan your computer for viruses, too. You should also report the scammer’s email. It might be a new one that should be shared with other users. Above all, if you do get taken in by an email scam, don’t kick yourself. Even the Internet savvy can be fooled. Just do what you can to minimize the risk for damage and move on. Short of never using the Internet again, due diligence is your best chance to defend yourself online.