Approximately 15 billion spam emails are sent every day. They can vary in their complexity, with criminals constantly working to avoid spam filters and other protections put in place. However, 30% of phishing emails that get through are opened which unfortunately means a large proportion of people are clicking on malicious links believing them to be genuine. 

Below is an example of a typical scam email I received in my inbox recently, and I’m going to take you through some of the simple checks you can do (and tell your friends and family about) to help identify a scam email.  

 

Grammar and spelling

The first thing that people think of with a scam email is that it is full of spelling mistakes and grammatical errors. Although this is usually the case, it doesn’t apply with all scam emails.

In the image above, we can see a number of grammatical errors suggesting English probably isn’t the writer’s first language.

Brand

The second indicator to look for is branding. Is the logo correct, are the colors what you’d expect from the sender’s brand? In this example, we don’t see the Amazon smile logo and the font doesn’t match what we see on their sites and marketing material.

Check sender email address

Checking the sender email address is usually a good clue to determine how genuine the email is, and despite claiming to be from Amazon, there is no mention of them in the email or domain (Image below).

Some companies do use third parties to send out marketing and can be found quite easily with a simple search. In this case looking up the email address and domain did not return any results, but it may have linked to scam protection sites, or reviews so it is always worth checking anyway. 

If the email looks genuine but you’re still not sure, click on View, View Message Source, and look at the meta data. Often, you’ll see the real email address it was sent from, not the proxy one shown in the sender address field. 

Within the meta data we can see other relevant information such as the IP address of the sender. Despite the fact that it may not return to a precise location, and only that of the ISP, you can at least see the country it was sent from and whether that was expected or not. In this case it has been sent from France.

A quick search returns details suggesting that this is a proxy IP address used to hide the real location of the sender. There also doesn’t appear to be any Amazon offices in Roubaix, France. 

If there are any links, hover over them to see where they actually lead. Initially it looks like we have a “legitimate” looking amazon.co.uk link, but when I hover over it, you can see that it directs to the same domain that the email has come from. 

Emails like this, claiming to be Amazon, make up only 5% of all brand phishing attempts globally. Historically these scam emails increase around the holiday season, but in the last few years the attempts have been much more prevalent and consistent due to the increase in working from home and the financial hardships faced by many. This provides a feeding ground for scammers to target desperate people looking to save money. 

With the huge volume of emails and scam emails being sent it can be quite overwhelming and at times we may find it easier to just ignore your inbox completely!  

By taking a little time and using the techniques above, it will become second nature. And you can help other people from falling victim to these scams by identifying these emails, sharing the knowledge with others, and marking them as scams in your email client.  

Don’t keep this information to yourself, tell others if you see a new phishing email, as it may save somebody else from clicking on a link. 

The mistakes are intentional to ensure a good “ROI” to the criminals, if you don’t notice the mistakes then you are statistically more likely to be susceptible to falling for the scam and part with your money or details.