How to spot a piece of spam e-mail

E-mail has changed the way we communicate over the last couple of decades. The days of pen and paper letter writing are gone. But e-mail does have a negative side: unwanted e-mail, known as Spam. Billions of pieces of spam are sent every day. Do you know how to spot a piece of spam?

When it comes to spam, I like to break them down into three (3) groups:

• Junk: Just straightforward advertising
• Phishing: Trying to get personal information, like login credentials
• Malicious: Meant to deliver some kind of payload, usually file-encrypting malware

Of all three types of spam e-mail, malicious is the most dangerous, but phishing is the most popular. With the progress in security over the years, the malicious spam with attachments has decreased. Scammers now want to get a quick payday, and bank credentials and gift cards are just a couple of ways they try to get your money. But if you take the time to look at a questionable e-mail, you will be able to determine whether it is or is not spam. Let's look at the different areas of an e-mail.

The From: field

This field can be easily faked, and you can check it quickly by hovering your cursor over the From field.

Do you know the sender? Do you now or in the past done business with that company? If you answered no to both questions, it is probably spam. Also, look for e-mail addresses from domains that provide free e-mail addresses (gmail.com, yahoo.com, etc.) or end with a two-letter extension (@com.uk, @com.ru, etc.). Two-letter extensions are for domains outside America.

The To: field

This field should contain just your e-mail address. If multiple e-mail addresses are listed, do you recognize any other e-mail addresses? If you don't, it could be spam. And if this field is blank, the odds are its spam.

The Subject: field

When it comes to the Subject field, if it doesn't sound right, it's not. Spam from other countries is quite often full of grammatical errors. Always remember that if it sounds too good to be true, it probably is. The odds are that the anti-virus/service contract renewal invoice is bogus and that e-fax, scan from a Xerox WorkCentre (notice the spelling), or notice to appear in court that is attached is just a virus.

The e-mail body:

The message in the body of the e-mail usually tries to get you scared or angry, and they want to use your emotions against you. But the first thing to remember is do not call any phone number or click on any links in a panic. That is just what they want you to do. Take your time and read the e-mail carefully. I like looking for grammatical errors.

For those spam e-mails that tell you that your bank account has been charged for something you did not order, do not call any phone number that is listed in the message. As I wrote in the How to handle a tech scam article, the scammer's primary goal is to get your money.

And if the e-mail states that you need to verify your login credentials, do not click on the link they put in the e-mail. They are just phishing for your personal information. You can usually check where the link points to by hovering your cursor over the link.

Chrome displays the URLs at the bottom of the browser

Outlook displays URLs next to the link

If you want to be reassured that a particular e-mail is spam, go ahead and use your usual way of accessing that resource (bank website, credit card website, etc.). Remember that credit and debit cards usually have a toll-free phone number on the back.

Attachments:

Never open attachments from people you do not personally know. Never. If you receive a questionable e-mail from someone you know but were not expecting, contact them directly and verify they sent you the e-mail with the attachment.

Scammers are notorious for adding fake file extensions to attachments to get you to open them. They know that most e-mail programs hide the extensions of attachments. So what they do is they name a malicious file something like OpenMe.pdf.exe, and the e-mail program will only display OpenMe.pdf.