How to Identify Scam Emails - Part 1: Verify the Sender

A client recently forwarded an email to us to verify whether it was a legitimate email alert or a phishing** scam. And we decided it would be worthwhile to share our thoughts, in an effort to help others with these all to prevalent pitfalls.

We always tell clients to not hesitate to reach out with questions like this, so we can help them avoid serious problems that might be waiting at the other end of a link from a scammer.

Part 1: Verify the Sender

Always check the sender's email address carefully. Be cautious of emails from unknown or suspicious addresses. Even if the sender's name seems familiar, the actual email address may be different.

1. Check the Sender's Name: Start by examining the sender's name displayed in the email. Sometimes scammers use familiar names to trick recipients into thinking the email is from someone they know or trust.
2. Hover Over the Sender's Name or Email Address: Hover your mouse cursor over the sender's name or email address (without clicking) to reveal the actual email address. This action should display the sender's full email address in a pop-up or at the bottom of your email client window.
3. Verify the Domain: Pay close attention to the domain name in the sender's email address. Ensure that it matches the domain of the organization or individual you expect the email to come from. For example, if you're receiving an email from a colleague at your company, the domain should match your company's domain (e.g., @yourcompany.com).
4. Be Cautious of Misspellings or Suspicious Characters: Scammers may create email addresses that closely resemble legitimate ones but contain slight misspellings or additional characters. Watch out for any discrepancies in spelling or unexpected characters in the sender's email address.
5. Compare with Previous Correspondence: If you've communicated with the sender before, compare the email address in the current email with the ones used in previous correspondence. Any significant differences could indicate a potential scam.
6. Use External Contact Information: If you're unsure about the legitimacy of the email, use external contact information (e.g., phone number from the company's official website) to reach out to the supposed sender and verify the authenticity of the email.

By carefully verifying the sender's email address using these steps, you can better protect yourself from falling for phishing scams and other malicious email activities. Remember, it's always better to be cautious and verify before taking any action in response to an email, especially if it seems suspicious or unexpected.

Report Suspicious Emails!

If you receive a suspicious email, report it to your IT department, email service provider or trusted technical consultants. They can investigate the email and take appropriate action to prevent others from falling victim to the same scam.

By following these simple tips, you can significantly reduce the risk of falling for email scams and help protect yourself and your organization from cyber threats. Remember to stay vigilant and skeptical when dealing with unfamiliar or unexpected emails.  And, of course, always feel free to reach out to us.

**Phishing (as defined by Merriam-Webster): The practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly.

Check out the rest of the series:

Part 2: Don't Click on Suspicious Links
Part 3: Be Wary of Urgent Requests
Part 4: Check for Spelling and Grammar Mistakes