In this guide, we will walk through some of the quick and easy telltale signs that you can use to spot a fake email.

Always take a few extra seconds to look at the senders email, the grammar and what is being asked of you. If it sounds strange for you to be involved in what has been asked, chances are it isn’t a real email.

The first and foremost important factor to remember is that efficient capture of fake emails starts with the recipient. Knowing what to look for is paramount in keeping unwanted viruses and spam from becoming more than just a nuisance & unwanted email.


Breaking down the various parts of an email

To better understand what to look for, let us explain some really easy to follow labels:

  • Recipient
    • This is you, the person who received the email.
  • Sender
    • This is the person who sent you the email.
  • Signature
    • This is normally at the footer of an email and contains contact information. New emails normally have one if it comes from a reputable business.
  • Attachment
    • This is normally a file that is attached like a document.
  • Domain
    • This is everything after the @ symbol on an email address.
  • Body
    • This is the area where the sender’s message is displayed.
  • Subject
    • This is normally a brief one-line statement to what the email will be about
  • Link
    • This is what we call a clickable string of text/numbers which opens up internet locations
  • TO / CC / BCC
    • These stand for To, Carbon Copy and Blind Carbon Copy. To is normally used to highlight the email is for the attention of a
      recipient. CC is normally used to include someone into the email, but more for being made aware of what is being said. BCC is
      the same as CC, but it hides the recipient’s email from the other recipients whilst still sending a copy.

Breaking down the structure of a phishing/spam email

Below is an image that we have broken down into sections, and will explain each section

The sender: Support365

In this part, the sender’s name and email are displayed. Here we can see the sender’s name is Support365 and their email address is security@microsoftcie.com

Why is this fake?

If you look inside the email body, there are images for Microsoft and Office 365. We can see this is designed to look like a Microsoft email. Knowing this, we would expect this to come from a microsoft.com email address and not microsoftcie.com. The domain is always a major giveaway in immediately spotting spam, especially when the domain doesn’t reflect the topic or content of the email.

The recipient: Admin at Dr Jones PC Support

In this part, we can see that the email has been addressed to the administrative inbox.

Why is this fake?

The recipient email will never be fake as you need a real email address to receive emails. What will be fake, is one of two things:

  • Was I expecting to be sent this kind of email?
    • In our example here, we do not have any Microsoft subscriptions which would send a payment request to the admin inbox. This is what we would class as unusual.
  • Is my email actually showing in this part?
    • Some spam emails will come through with a random email in the recipient’s field. What this means is that the sender has used BCC. What they will do is add around 50 – 100 emails in the BCC box and 1 email in the TO field. This is a method used to try and mask the volume of recipients in the email.

By taking a few moments to think about whether you were expecting an email request will help you filter out over 75% of spam.

The body: Grammar, links and content

In this part, we can see many links and words. We also have a picture too.

Why is this fake?

For the most part, immediately we can see poorly constructed sentences and grammar. Spam emails for the most part are written in a foreign language and auto-translated before delivery or the sender doesn’t have the tools to accurately write the emails in English correctly. We also know that Microsoft is a very large organisation that will spend a lot of money ensuring its content is both legally and grammatically
correct.

Here we can see that 365 is missing a space before the dash.

Here we can see that the word set should start with a capital letter.

Here we can see the word our is missing the R.

Here we can see by hovering the mouse cursor over a link will tell us where the link leads. We know the email came from security@microsoftcie.com however the link itself leads to another domain entirely. This shows that it’s highly likely going to lead us to somewhere other than the domain the email originated from.

Here is another example from a different phishing email:

If you are on an iOS or Android device, you can tap and hold on to a link to see where it leads too.

Quick checklist to determine if your email is spam

  • Was I expecting this email?
    • If the answer is no, follow our guide to determine if it’s real.
  • Is the senders email something I recognize?
    • If the answer is no, follow our guide to determine if it’s real.
  • Is there a signature in the email with contact information?
    • If the answer is no, follow our guide to determine it’s real.
  • Is the email asking for personal information?
    • If the email is asking for passwords or asking you to click on a link to reset your password when you didn’t request a password reset, it is extremely likely to be fraudulent.
  • Is there an attachment that looks real?
    • If the answer is yes, confirm first that you are aware that the information needed is coming from a source you know you were waiting on asking. Ensure you have an antivirus before clicking attachments. Not all attachments are fake, an antivirus will stop your computer from loading viruses embedded in attachments.

If you suspect you have a fake email and would like a second opinion on it, please forward it to support@businesstech.support where we can verify and respond to you with the results.

Written by Tech Doctor® – Director of DRJPCS LTD IT Support Services