Checking For Fake Spam Emails
As mentioned earlier, there are two types of fake email addresses. The one we havent discussed in detail yet is spam addresses.
Here are some ways you can determine whether a certain email is a fake spam email.
Of course, none of these things guarantee that an email is fake. Business use free email addresses companies make typos. These things happen every day.
However, these things should raise a red flag, especially if you see more than one in a given correspondence.
Have You Been Scammed
If you think you have provided your account details to a scammer, contact your bank or financial institution immediately.
We encourage you to report scams to the ACCC via the report a scam page. This helps us to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example, email or screenshot.
Spread the word to your friends and family to protect them.
How To Identify Email Spoofed Phishing Attacks
Did you know that email scammers can easily forge the email from address? Its called email spoofing and it can make the job of spotting scams more difficult.
Email spoofing is a form of impersonation where a scammer creates an email message with a forged sender address in hopes of deceiving the recipient into thinking the email originated from someone other than the actual source. Scammers will use email spoofing to help disguise themselves as a supervisor, professor, or financial organization to trick users into performing some type of action. Scammers use this method of deception because they know a person is more likely to engage with the content of the email if they are familiar with who sent the message.
There are various types of email spoofing.
Display name spoofing portrays a display name of the person being impersonated while leaving the actual sending email address intact.
Example 1: “John Doe” < firstname.lastname@example.org> Example 2: “John Doe” < email@example.com>
There are a few things you can do to help determine if an email is coming from a spoofed email address or is otherwise malicious.
You May Like: Find All My Email Addresses
How To Detect If An Email Is Spam Or A Phishing Attempt
So, you got an email telling you that your email account is being upgraded, your account will expire, or maybe your email has exceeded some limit.
How do you determine if the email is valid or not? Well, I will attempt to show our Math Department users how to do this by just loooking at a phish email and checking somecommon email headers and also how to get the full email headers.
What Will Scammers Do With Your Email Address
Once a scammer gets your email address, theyll use it to benefit themselves in any way possible.
Many will send you spam email, with the hope of collecting private information such as credit card numbers. Theyll try and trick you into thinking youve won something, or that they have a great item for sale. Hackers might even use your email to impersonate you and message your contacts.
Other scammers will use your personal information to try to access your other accounts. Most people re-use the same passwords for different accounts, meaning hackers who have access to one account can easily infiltrate others.
Lastly, hackers can sell your data to other spammers. Your private email addresses and passwords are a hot commodity among scammers. Compromised information often ends up on the dark web or nefarious message boards.
Read Also: Toobigforemail
Look At The From Address
The from address is next, but different from, the display name. The display name can be anything the sender wants to write and is not evaluated as part of the email authentication protocols. Translation- its not very trustworthy. The from address is what is typically evaluated for email authentication.
Does the from address make sense? Make sure there are no typos or misspellings in the from address domain . If the company name is misspelled in the from address, thats not a typo. Its probably a phishing email
Is it what you would expect for the domain of that company? If so, that doesnt necessarily guarantee its legitimate. Sometimes businesses dont use the domain we would expect to send emails. If its something completely off the wall, it could be a phishing attack.
NOTE: this step is important because attackers using cousin domains can set up email authentication for their malicious domains. These domains could pass DMARC based on the cousin domain and still be malicious. If you are not sure what the domain should be, you may want to confirm that it is the right email domain for that company. You may be able to do this with a search engine or from looking at other emails you have previously received from that company.
Odd Language Or Broken English
An essential sign to look out for is broken English or confusing language. Many scam emails come from non-English-speaking countries, and the people writing them dont always have a strong command of the English language. If incorrect tenses are being used or if important particles are missing from sentences, thats a red flag that an email is a scam.
You should be on the lookout for incorrectly-spelled words. If a major company sent an email, theyd have taken the time to check it carefully. While spelling mistakes doesnt immediately mark an email as fake, it does warrant more caution.
Don’t Miss: How To Get Deleted Emails From Gmail
What To Do If A Scammer Has Your Email Address
If a scammer has your email account, you should try to change the password immediately. If the hacker hasn’t considered changing it, you’ll have some time to set a different, stronger password and force the hacker out.
Unfortunately, hackers will likely change the password to lock you out. In this case, you’ll need to go through your email provider’s support page to unlock it again. They typically ask for past login information and may require proof of identity to give your account back.
Once you’ve changed your password to something stronger, try adding a 2FA security measure to your account. Even if a hacker gets your password again, they also need to have the 2FA token on-hand, which is easier said than done.
If this interests you, be sure to learn how to secure your Gmail and Outlook accounts with 2FA.
The Attachments Or Links Are Dubious
Attachments and links are not only used for phishing but also for infecting your system with malware. When you click on the link sent to you, youre risking the security of your computer as well as that of every device linked to the network your computer connects to.
The purpose of the phishing email with attachments is to gain access to your personal or financial information. These types of information can include:
- Login credentials,
- Social security number or another identifying number,
- Bank account numbers, and
- Phone numbers.
One way in which this is done is by asking you to click on the link. When you do, youll be taken to a page that says youre logged out and need to log in again to continue. This will help the hacker to register your details from the fake login page.
Some hackers take this kind of scam a step further. They call first and let you know that you should expect an email containing, say, an overdue invoice from them. Then, once you receive the email and open the attachment called Invoice, it will be too late. Youve opened a malicious file and now the attacker will be in your system, creating havoc.
The figure below shows that the email is asking me to click on the link. However, when I hover my cursor on the link, you can see that the link would take us to the senders Google drive. It is not an actual site.
Don’t Miss: Why Am I Not Getting Emails On Gmail
What Should You Do If Youve Received A Scam Email
- Do not click on any links in the scam email.
- Do not reply to the email or contact the senders in any way.
- If you have clicked on a link in the email, do not supply any information on the website that may open.
- Do not open any attachments that arrive with the email.
If you think you may have compromised the safety of your bank details and/or have lost money due to fraudulent misuse of your cards, you should immediately contact your bank.
How Craigslist Scammers Try To Break Into Your Email
With your email address, phone number, and possibly your name , the scammer has enough info to try to reset your password. If they know your email address from your signature, they can use it on the account recovery page for your email provider.
While our example focuses on your email account, scammers could act out a similar attack on one of your social accounts, or whatever else is in your signature.
Since they don’t have your password, they’ll try to reset it. Depending on the security options you’ve set up and the recovery options on your account, the scammer will choose the option to send a recovery code to the phone number you provided in your signature, or perhaps a secondary email address.
Depending on where the scammers are located, this message may contain text in a foreign language, too. This is a telltale sign of a scam.
Now, this is where the crux of the scam comes in. After you’ve expressed interest in whatever item the person is selling, they will get back to you, claiming that they want to make sure they’re dealing with a real person because there are a lot of scammers on Craigslist.
To prove you’re real, they ask you to tell them the code that “they” sent you. If you do this, you’ve fallen for the scam. Using this code, the scammers can then reset your email password to whatever they want, locking you out of it.
Recommended Reading: How Do I Access Archived Emails In Outlook
What To Do If Ip Is Not There Or Email Is Sent From Gmail
If you are not able to get the IP address of the person, At least you can know the country of the email. Search for Date: and at the end of line, see the time zone:
Here the time zone is +0100. Treat it as +01:00. Although, there will be so many countries belongs to a timezone, but you may get an approx idea.
In case you have any problem in any step mentioned above, you can ask me via comment.
If you like this post, you can subscribe us and add me on various social media
Using The Checklist Below Learn How To Quickly Identify Potential Email Phishing Scams
If you answer yes to any of the following questions, the email you just opened may well be a scam.
Is the email from someone you do not know personally, or communicate with normally?
Is the person asking for something unusual, issues related to an online account or password, or otherwise acting out of character?
Is the senders email address from a suspicious sounding domain?
Were you CCed on an email with some other people you do not know?
Does the subject line seem irrelevant, not make sense, or not match the content of the email?
Is the email a reply to a message you never sent?
Did the email come at an odd time, like 2:00 am?
Is the sender asking you to click on a link or open an attachment?
Does the email contain a .zip or other executable file?
When you hover over any links within the email, does it show a different link than what is contained within the body of the email?
Does the email contain a link, but no other information?
Is the link to a well-known website, but spelled incorrectly and somewhat suspicious looking?
Is the sender stating something bad will happen if you do not click the link, or that there is extreme value in clicking the link?
Does the email contain poor grammar or spelling mistakes?
Is the sender warning you that they found inappropriate content or images of you online?
Is your gut or Spidey Sense trying to tell you something
You May Like: How To Find Email In Archive
Fake Websites And Other Internet Scams
If you need to apply for an eTA, be careful when you deal with companies that claim to offer help to get one. These companies are not working with the Government of Canada. Many have websites that charge a fee for information and submitting eTA applications.
This Government of Canada website is the official place to apply for an eTA.
Its easy for criminals to copy a real website or build one that looks professional. Websites may claim to be official Government of Canada sites or their partners. Others may claim to offer special immigration deals or guaranteed high-paying jobs. They do this to trick people into paying them money.
Some of these sites may try to get you to give them your private information. This could be used to steal your identity.
Here are some things to watch for:
- If the website claims to offer special deals to people who want to immigrate, dont deal with them. Dont pay for offers of guaranteed entry into Canada or faster processing of your application. These claims are false.
- Check the address in your browsers address bar when you land on a website. It should match the address you typed.
Here are some other ways to protect yourself:
Trying Hard To Be ‘official’
Scammers often try hard to make the email sound official. They will do this in a number of ways, including using the word official.
You are unlikely to see the messaging in a truly official email shouting about how official it is.
Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.
Recommended Reading: How Do I Delete Emails On My Iphone
Asking For Personal Or Bank Details
If an email is asking you to update or re-enter your personal or bank details out of the blue, it is likely going to be a scam.
Personal information includes things like your National Insurance number, your credit card number, Pin number, or credit card security code, your mother’s maiden name or any other security answers you may have entered.
Most companies will never ask for personal information to be supplied via email.