Overview
There are multiple common details that can be checked to determine if an email is spam/phishing. These include:
- Sender address
- Spelling/grammar mistakes
- Attachments
- Links
- Sense of urgency
Sender Address
One of the easiest ways to determine if an email is illegitimate is to look at the sender's email address.
Most legitimate companies will have an email address domain that relates to that company, e.g. '@microsoft.com' or '@paypal.com'. Very few companies use a '@gmail.com' or '@hotmail.com' email address, so there is a chance that an email from a company with an '@gmail.com' or '@hotmail.com' domain is illegitimate. This isn't a fool-proof method, as some companies do use these domains, but it is still something to keep an eye on.
Alternatively, some illegitimate emails will come from a sender address that is similar to the proper sender, but will be slightly misspelled, e.g. @microsfrtf.com. Other times, the email address will be a random string of characters.
It is possible for scammers to spoof the email address so that it appears as though it came from a legitimate source, so it is important to keep an eye out for the other things listed in this article.
Spelling/Grammar Mistakes
You can often tell if an email is a scam if it contains poor spelling and grammar. A large number of scam/phishing emails are written by overseas agents for whom English might not be their primary language. As such, scam emails will often have misspelled words. Sometimes scammers will use translation systems like Google Translate, which will mean their words are correctly spelt, but not necessarily in the right order or grammatically correct.
This is also not a guarantee that the sender is malicious, as everyone makes typos or uses incorrect grammar from time to time. As such, there are a few questions you can ask to determine if the spelling/grammar mistakes are an indicator that an email may be illegitimate:
- Is it a common sign of a typo, like hitting an adjacent key?
- Is it a mistake a native speaker shouldn’t make, such as words used in the wrong context/order?
- Is it consistent with previous messages I’ve received from this person?
- Is the email claiming to be from a well-known company?
Attachments
Attachments are one of the easiest ways for malicious actors to cause harm, whether they link to unsafe websites or download malware directly onto your computer. As such, it is important to recognise when an attachment may be dangerous.
One thing to take note of is the file extension of the attachment. Extensions such as .exe, .bat, .vbs, .cmd and .reg can all install unwanted software or modify system information/files. HTML files are also unsafe, as these launch in your web browser, and can then either load a phishing website in an attempt to steal credentials, or download malicious files.
In the same way that you should treat random email addresses with distrust, so too should you be wary of attachments with filenames composed of random strings of characters; people don't normally save documents with a 20-character alphanumeric code as their name.
The context of the email is also something to be aware of - for example, if the email is referring to an unpaid invoice, but the attachment is not a PDF, then it is most likely illegitimate.
Links
You can spot a suspicious link if the destination address doesn’t match the context of the rest of the email. To check the links on a computer, hover your mouse over the link, and the destination address appears in a small bar along the bottom of the browser. On a mobile device, hold down on the link, and a pop-up will appear containing the link.
If the URL of the link does not appear to match the content of the email, it is most likely illegitimate.
There are helpful tools such as browserling.com which allow you to preview websites - this can be done by right-clicking the link, copying the link address, and pasting it into Browserling.
From there you can see where the link would have taken you without risking your computer.
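The sender, attachment and link checks described in the sections above can be run automatically over a message. The following is an added example, not part of the original article; the `KNOWN` brand list, the 0.8 similarity threshold and the helper names are assumptions, and the sample message is constructed.

```python
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".bat", ".vbs", ".cmd", ".reg", ".html")  # named in the article
FREEMAIL = {"gmail.com", "hotmail.com"}                        # named in the article
KNOWN = {"microsoft.com", "paypal.com"}  # assumption: brands you expect mail from

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def host(url):  # hostname of a URL or of a bare "www.example.com" string
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def triage(msg):  # returns a list of findings; empty means nothing was flagged
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    found = [f"free-mail sender: {domain}"] if domain in FREEMAIL else []
    found += [f"look-alike sender: {domain} resembles {k}" for k in sorted(KNOWN)
              if domain != k and SequenceMatcher(None, domain, k).ratio() >= 0.8]
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            found.append(f"risky attachment type: {name}")
    body, collector = msg.get_body(("html",)), LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        shown = host(text).removeprefix("www.") if "." in text and " " not in text else ""
        if shown and host(href) != shown and not host(href).endswith("." + shown):
            found.append(f"link text shows {shown} but goes to {host(href)}")
    return found

def build_message(sender, html, filename):  # constructed sample input, not real mail
    m = EmailMessage()
    m["From"] = sender
    m.set_content(html, subtype="html")
    m.add_attachment("sample", filename=filename)
    return m
```

A spoofed sender address passes the domain check, so an empty result only means none of these three indicators fired.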
Sense of Urgency
In a lot of scam emails, the scammer will create a sense of urgency in order to get you to act quickly without looking deeper at the email, which means you're less likely to notice anything wrong with it. This is particularly prevalent in emails imitating services such as banking or Microsoft, where not acting fast could pose immediate inconveniences.