Updated August 19, 2024
With the increasing amount of spam flooding into our inboxes daily, it's essential to be able to discern between legitimate e-mails and spam. Spam e-mails can be annoying, deceptive, and even dangerous. Identifying and handling spam e-mails can help protect your personal information and keep your inbox clutter-free. Here are some tips on how to spot a piece of spam e-mail.
When it comes to spam, I like to break them down into three (3) groups:
- Junk: Just straightforward advertising
- Phishing: Trying to get personal information, like login credentials
- Malicious: Meant to deliver some kind of payload, usually file-encrypting malware
Of all three types of spam e-mail, malicious is the most dangerous, but phishing is the most popular. With the progress in security over the years, malicious spam with attachments has decreased. Scammers now want a quick payday, and bank credentials and gift cards are just a couple of ways they try to get your money. But if you take the time to look at a questionable e-mail, you will be able to determine whether it is or is not spam. Let's look at the different areas of an e-mail.
The From line
The sender's e-mail address (From line) is one of the first things to look at when determining if an e-mail is spam. Legitimate companies will usually have domain-specific e-mail addresses, such as @companyname.com. If the e-mail comes from an unfamiliar or suspicious domain, it's likely to be spam. Additionally, be wary of e-mail addresses that contain long strings of random characters or misspelled variations of well-known domains.
The From line can be easily faked, and you can check it quickly by hovering your cursor over the From line.
Do you know the sender? Do you now or in the past done business with that company? If you answered no to both questions, it is probably spam. Also, look for e-mail addresses from domains that provide free e-mail addresses (gmail.com, yahoo.com, etc.) or end with a two-letter extension (@com.uk, @com.ru, etc.). Two-letter extensions are for domains outside America.
Another tactic spammers use is impersonating legitimate companies or individuals. They may use logos, branding, or language that closely resembles that of real organizations to trick recipients into thinking the e-mail is genuine. If you receive an e-mail that claims to be from a familiar company but seems off in any way, it's best to verify the source (phone call) before taking any action.
The To line
This line should contain just your e-mail address. If multiple e-mail addresses are listed, do you recognize any other e-mail addresses? If you don't, it could be spam. And if this line is blank, the odds are it's spam.
The Subject line
Another red flag to look out for is the Subject line of the e-mail. Spam e-mails often use sensational or urgent language to entice you to open them. Phrases like "urgent action required" or "you've won a prize" are common in spam Subject lines. If the Subject line seems too good to be true or overly dramatic, it's best to err on the side of caution and consider it potential spam.
When it comes to the Subject line, if it doesn't sound right, it's not. Spam from other countries is quite often full of grammatical errors. Always remember that if it sounds too good to be true, it probably is. The odds are that the anti-virus/service contract renewal invoice is bogus and that the e-fax scan from a Xerox WorkCentre (notice the spelling) or notice to appear in court that is attached is just a virus.
The e-mail body
The message in the body of the e-mail usually tries to get you scared or angry, and they want to use your emotions against you. But the first thing to remember is do not call any phone number or click on any links in a panic. That is just what they want you to do. Take your time and read the e-mail carefully.
Furthermore, scrutinize the content of the e-mail. Many spam e-mails are rife with spelling and grammatical errors and may contain strange formatting. Legitimate companies usually take care to ensure their e-mails are well-written and professional. If you notice oddities in the language or formatting of an e-mail, it could be a sign that it's spam.
For those spam e-mails that tell you that your bank account has been charged for something you did not order, do not call any phone number listed in the message. As I wrote in the How to handle a tech scam article, the scammer's primary goal is to get your money.
If the e-mail states that you need to verify your login credentials, do not click on the link they put in the e-mail. They are just phishing for your personal information. You can check where the link points to by hovering your cursor over it without clicking.
Chrome displays the URLs at the bottom of the browser
Outlook displays URLs next to the link
If you want to be reassured that a particular e-mail is spam, use your usual way of accessing that resource (bank website, credit card website, phone number, etc.). Remember that credit and debit cards usually have a toll-free phone number on the back.
Attachments
Links and attachments in e-mails can also be indicators of spam. Hover your mouse over any links in the e-mail (without clicking on them) to see the actual URL. If the link doesn't match the purported destination or appears suspicious, it's likely a phishing attempt. Similarly, unsolicited attachments in e-mails should be treated with caution, as they may contain malware or other harmful content.
Never open attachments from people you do not personally know. Never. If you receive a questionable e-mail from someone you know but were not expecting, contact them directly (via phone call) and verify they sent you the e-mail with the attachment.
Scammers are notorious for adding fake file extensions to attachments to get you to open them. They know that most e-mail programs hide the extensions of attachments. So what they do is name a malicious file as something like OpenMe.pdf.exe, and the e-mail program will only display OpenMe.pdf.
In some cases, legitimate e-mails may end up in the spam folder due to aggressive filtering by e-mail providers. Therefore, periodically checking your spam folder for misplaced e-mails is essential. However, please exercise caution when reviewing the contents of the spam folder, as it may contain actual spam e-mails alongside legitimate ones.
To further protect yourself from spam, consider implementing spam filters and using a reputable anti-virus program. These tools can help reduce the influx of spam and prevent malicious content from reaching your inbox. You may also consider using an anti-spam program like Mailwasher.
In conclusion, identifying spam e-mails is crucial for maintaining a secure and organized inbox. By paying attention to the sender's e-mail address, subject line, content, links, and attachments, you can effectively spot and avoid falling victim to spam e-mails. Remember to stay vigilant and skeptical when interacting with unfamiliar e-mails, and don't hesitate to report suspected spam to your e-mail provider.