The Compromising Video Hoax
One recognized hoax email campaign claimed that the threat actor had placed malware on the email recipients system. This malware, the email stated, allowed the threat actor to capture webcam footage.
Furthermore, the threat actor claimed the malware captured all of the recipients personal contacts. The recipient was instructed to pay the extortion demand to a Bitcoin wallet within 24 hours in order to prevent personal and private information from being emailed to all of their personal contacts.
Verify The Domain Name
There are several well-known domains everyone is familiar with but what if an email was sent from the one you dont know? How to verify if an email address is real or fake? In that case, you should search for websites that can scan domains and provide insightful details. You could use a non-profit public-benefit corporation ICANN. Simply enter the domain name in the box and verify the validity of a received email.
Get Free Help Finding Fake Email Addresses Today
Surely, you have repeatedly wondered how can I tell if an email is fake for free and quickly? You can use the basic guidelines:
Naturally, if you are serious about the question of how I know if an email is fake, these methods still cannot guarantee a 100% result.
Read Also: Why Is My Email Not Updating
The Domain Is Misspelled
Goggle.com, Gooogle.com, Googgle.com, Paypals.com, Payspal.com, Yahoos.com, Yahooo.com
Weve seen them all and they are all a scam. A legitimate organization would never misspell their own domain name in their email address. Make sure youre reading the domain of sender email addresses very carefully. Sometimes we can glance over things like this not realizing they are misspelled because our brains dont always slow down enough to catch errors. However, when it comes to email, its better to pay attention to even the most minute of details.
The Email Promises Financial Windfall Or Grave Penalties
There are no free lunches in this world. The people who win the lottery and other prizes are extremely rare. So, if the email you received informs you that you have just won a contest that you have no memory of participating in, its a fake email.
There are countless phishing and other financial scams whose victims are ex-pats and immigrants. Many governments have issued official notifications and warnings against such scams. The scammer will impersonate the countrys Home Ministry or government and ask for money or information from the person. The person is most likely to give in at once as they do not want to leave the country of their residence and go back to their homeland.
In recent times, when the entire world is affected by the pandemic, the COVID-19 has given way to another type of scam. In COVID-19-related scams, cybercriminals often pretend to be:
- Affected by the pandemic,
- Working for the people who are affected by it, or
- Working in emergency response and relief organizations or at official government agencies.
They ask for financial help and donations with the hope that youll have a good heart and want to help those affected by the situation. However, if you donate, youre actually paying the criminal instead. Fake charities are, unfortunately, a symptom of this dark time when we all should be helping each other fight this global illness
Don’t Miss: Why Is My Email Not Updating
Perform An Ip Address Lookup
Dont worry: performing an IP address lookup is much easier and less technical than it sounds. The purpose of an IP address lookup is to determine the geolocation of an IP address. Each email message you receive comes with the IP address of the server it originated from. Normally, you cant see this IP address because its hidden, but choose to view the source of the message, it will be right there, under received from.
All you need to do is copy the IP address and paste it in any readily available online IP address lookup tool, such as the one provided by What Is My IP Address. After only a few seconds, you will see the ISP and organization associated with the IP address as well as its location. If the IP address is located in a country you wouldnt expect, be very suspicious because someone could be spoofing it.
How Can I Protect Myself Against Scams
Its hard to tell the difference between a genuine site and the fake site that youve been taken to, especially if its from a company you recognise. However, think before you click.
- If you receive an email saying there is a problem with your online account then go to that website directly and log in to check.
- If the email is creating urgency by saying if you dont update your password now, then your account will close, then again go to that website directly or call their customer services to check.
- Dont click on any attachments from any unknown sources or reply to the email.
- Make sure you have any spam filters turned on through your email provider, most will automatically put emails from unknown sources into junk/spam folders.
- Add the email addresses of any suspicious emails to your block sender lists, you wont then get an email from that address again.
- Make sure you also have virus protection software up-to-date and create strong passwords that are different from each other for various sites also update regularly.
Read Also: Why Am I Not Getting Emails On Gmail
Check The Email Header Information
The email headers contain a significant amount of tracking information showing where the message has traveled across the Internet. Different email programs display these headers in different ways. Learn how to view the email headers for your mail client by visiting the Information Security Office: Display Email Headers webpage.
Please note that email headers can be spoofed and are not always reliable. Use all of the ISO’s suggested tips on identifying a phishing message and if still unsure, report the message to .
The following tips can help identify a spoofed message in the email headers.
- Identify that the ‘From’ email address matches the display name. The from address may look legitimate at first glance, but a closer look in the email headers may reveal that the email address associated with the display name is actually coming from someone else.
- Make sure the ‘Reply-To’ header matches the source. This is typically hidden from the recipient when receiving the message and is often overlooked when responding to the message. If the reply-to address does not match the sender or the site that they claim to be representing, there is a good chance that it is forged.
- Find where the ‘Return-Path’ goes. This identifies where the message originated from. While it is possible to forge the Return-path in a message header, it is not done with great frequency.
See How Easy It Is To Create A Fake Email
In this demo I will show you how simple it is to create a fake email using an SMTP tool I can download on the Internet very simply. I can create a domain and users from the server or directly from my own Outlook account. I have created myself a and just to show you what is possible.
I can start sending emails with these addresses immediately from Outlook. Heres a fake email I sent from .
If you would like to see this process in person
This shows how easy it is for a hacker to create an email address and send you a fake email where they can steal personal information from you. The truth is that you can impersonate anyone and anyone can impersonate you without difficulty. And this truth is scary but there are solutions, including Digital Certificates
You May Like: How To Recover Gmail Emails Deleted From Trash
What To Do If You Suspect A Phishing Attack
If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?
If the answer is No, it could be a phishing scam. Go back and review the tips in How to recognize phishing and look for signs of a phishing scam. If you see them, report the message and then delete it.
If the answer is Yes, contact the company using a phone number or website you know is real. Not the information in the email.Attachments and links can install harmfulmalware.
What Should You Do If You Think An Email Is Fraudulent
- Dont click on any links or attachments
- If the email is from an organisation you know, check with them directly before acting on the e-mail
- Check for a trusted website by searching for it online or typing the URL into your browser.
- Report the email in an appropriate manner to the organisation which is the subject of the phishing scam, if applicable
- Block the sender and delete the email
REMEMBER: While Heritage may send information, or confirm receipt of items, by email, we will NEVER send an email that requests you to share personal security details such as your PIN, CCV number, internet banking passwords or credit card details. Heritage emails may contain links, however these will never lead you to a website that requires you to input personal details. In order to meet our obligations of the Spam Act 2003, all emails will include an unsubscribe link for the member to manage their preferences for contact.
If youve received an email from Heritage that you think may be fraudulent, you can help fight the problem by using the forward as attachment button on your message menu and sending to We use the spam that’s forwarded to us to improve our filters and look for malicious campaigns that may be getting through our protection so that we can issue warnings to our customers and staff.
Read Also: Why Is My Email Not Updating
Ask Yourself Whether The Language Seems Fishy Pushy Or Urgent
Scammers will try to trigger emotional responses like anger, shock, empathy, panic, curiosity, etc. By doing so, theyre more likely to trick their targets into doing something they normally wouldnt do.
For example, they might send you emails on the following subjects:
- An unbelievable deal/discount on the product
- A high-priced lottery winning
- Unauthorized access of your account
- Data-breach incident of your credentials
- Free credit reports
- A purchase from your account
- A fundraising campaign for poor/people suffering from rare diseases/victims of natural calamities
There are many subjects that elicit emotional responses from email recipients. Hackers know this and will use email subjects that will spur targets to take action without stopping to inspect or investigate the emails properly.
Check out the screenshot below as an example of how to tell if an email is fake:
As you can see, this example email mentions a temporary hold on the Stripe account due to some unexplained bank-related issues. Now, its likely that people using Stripe on a regular basis would get anxious after reading such an email and try to respond immediately.
Check Contact Information And Dates
Does the ‘contact us’ information at the bottom of the email link to anything? Is it clickable? Are the websites it links to genuine? If the answer is no, you should be on your guard. To see where a weblink links to without actually clicking on it, simply hover your mouse cursor over the link. In the bottom left-hand corner of your web browser, the web address where the link goes to will appear.
Are the copyright dates up to date? Often scammers will forget this detail. We came across an email scam in March 2017, which said the closing date of the competition being advertised in the email was December 31st 2016. If you see this level of inconsistency, its probably a scam.
Also Check: How To Email A Video That Is Too Large
Why Should You Check Your Emails
You might be wondering why your email doesn’t automatically check and filter out spam and fake emails with so many checks, firewalls, and layers of security out there. The answer to this question is that out of 140 million domains recently checked in a survey by SPF, 80 percent had no SPF records, which are the bare minimum for security.
Related: Find Anyone’s Email Address
Without SPF records, there’s no way for your email account to accurately filter out spam messages. That’s why you sometimes find important emails in your Junk folder, and the odd spam email in your Inbox.
No single test or sign can tell you that an email is authentic or suspicious for sure. You might have to do multiple tests to figure out whether an email is genuine or not.
Attempt To Make You Panic
A lot of phishing emails include an attempt to make the victim panic.
The above email states in bold “Your PayPal account has been temporarily restricted” and goes on to claim you won’t be able to receive and make payments or take funds.
This is an attempt from the scammer to try and make you give away your details quickly before you’ve had time to think.
PayPal has previously said that you’d be told about any problems with your account via the message centre in the website and app.
The company would not email you asking for “documents confirming your identity”.
If you want to check if there has been a problem on your account, go to the official PayPal website, login and check.
Don’t Miss: How To Send Pictures From Email To Phone
Why Cybercriminals Send Fake Emails
Scammers are becoming smarter and more innovative with their email phishing techniques that even the most vigilant people become victims of email phishing scams.
Phishing emails are sent to:
- Create a sense of urgency to get victims to engage with them.
- Deliver malware to the victims computer via attachments or links.
- Redirect victims to a malicious website or a website that looks the replica of a legit companys website.
- Trick recipients into sharing their login credentials, financial, or other sensitive information.
Needless to say, its high time that you and your employees learn how to spot a fake email in order to protect yourself and your organization from email phishing scams.