How to spot a fake email

These days email is one of the most ubiquitous tools in a business. Because of this, malicious actors often use email as a way to gain access to your company and run away with it. Here are some of the biggest red flags to look for when you open that next email.





Types of Fake Emails

Generally speaking, there are 3 types of fake/malicious emails. They are usually trying to steal or “phish” your information so they can sign in to a service as you, get you to download a malicious file that opens a backdoor into your computer and lets the attacker do what they want, or convince you to transfer money to them.


Phishing Emails:

A phishing email will try to get you to sign in with your login details to a service they want access to. Common examples are Microsoft, Google, and online banking services. They will try to make their email look as close as possible to those you normally receive, and will even build the page you land on to mirror the look you expect from that service. Some of these are extremely good copies, with the goal being that you think you are signing into the legitimate service when you are actually giving them your login information.

Infection Emails:

These emails often pretend to be from someone in your contacts who is sending you a file to download. Sometimes they even come from a real contact whose email was compromised and is now being used to try to compromise you. Some common attachments are Word/Excel files that ask you to disable the security precautions built into Microsoft Office. Once you click “enable” in the yellow bar at the top, the malware goes to work and you are now infected.

Wire Transfer Emails:

These are also very common, though not often successful. They pretend to be a high-up member of the organization approving a wire transfer to an account. Though this may sound obviously fake, there have been cases where millions of dollars were transferred, and once the transfer completes there is no way of reversing it.


How can you learn to spot these fake emails?

  1. Watch for out-of-the-ordinary requests. If you aren’t sure, call the person that emailed you to confirm. Big red flags are requests to transfer money or to buy and send gift cards to some odd address.

  2. Check the sender email address: When you receive an email, it will show the sender name, and the email address that actually sent it. Sometimes the email address is hidden by default but can be viewed by hovering your mouse over the email or clicking to expand the info. Make sure the

  3. An unexpected email with an attachment: As a rule of thumb, only ever open a file you know and trust. If someone emails you out of the blue with an attached invoice you don’t expect, or some other random file for you to review, that is your first red flag. If the style of writing does not match the person that emailed you, check the sender address, and if that is real, contact the person that sent it to make sure they did send it. They may have a compromised email and not know it yet.

  4. Does the email have spelling or grammar errors? Is the style of writing different than normal for that person? Mix that with any of the other red flags and it is likely a fake email.

  5. Does the email contain a link to sign in? You can hover over the link and see where it is taking you to make sure it is the real domain of that service provider.

    • Google, Microsoft, and banks will NEVER email you randomly and ask you to log in. This is always a phishing attempt and should be ignored.
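The sender check (item 2) and the link check (item 5) can also be done by a script. The following is an added example, not part of the original article: the sample message is constructed, and the `TRUSTED` map, `LinkCollector` and `red_flags` are illustrative names and assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): brand in the name, other domain behind it.
SAMPLE = """\
From: "Microsoft Account Team" <security@account-verify.example>
Subject: Unusual sign-in activity
Content-Type: text/html

<p>Review it at <a href="http://login.account-verify.example/signin">
https://login.microsoft.com</a></p>
"""

# Assumption: brands you expect mail from and the domains they really use.
TRUSTED = {"microsoft": {"microsoft.com"}, "google": {"google.com"}}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    # Item 2: compare the display name with the address that actually sent it.
    name, addr = parseaddr(msg.get("From", ""))
    host = addr.rpartition("@")[2].lower()
    for brand, domains in TRUSTED.items():
        genuine = any(host == d or host.endswith("." + d) for d in domains)
        if brand in name.lower() and not genuine:
            flags.append(f"sender: name says {brand}, address is {addr}")
    # Item 5: compare the URL a link displays with where it really goes.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target, shown = urlparse(href).hostname, urlparse(text).hostname
        if shown and shown != target:
            flags.append(f"link: shows {shown}, goes to {target}")
    return flags
```

Calling `red_flags(SAMPLE)` returns one flag for the sender mismatch and one for the link mismatch. An empty list only means these two checks passed, so the other red flags above still apply.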





Garrett Snelling