While our mail filter does a great job in catching fraud emails, there will always be a few that fall through the cracks. This quick guide will show you some tips on how to spot these emails, and what to do when you see one.
Email Address
When it comes to fraud emails, one of the key points to look at is the “From” email address. On fraud emails, senders will attempt to mimic an email address that you may be familiar with.
Sometimes, the email address is extremely obvious that it is not the person they claim they are:
Other times, the email address is a little harder to decipher if it is real or fake:
Email Contents
Fraud emails have a variety of ways to lure a recipient into completing the actions that they wish. The following are ways that an attacker may attempt to lure a recipient:
| Type | Description | Example |
| Services | An attacker may attempt to pretend to be, or spoof, a business or service that the recipient may use on a day-to-day basis. This would include PayPal, Verizon, ADP, SAP, etc. | Fake PayPal Link |
| Urgency | An attacker will curate an email that will try to push you to do an action using time-critical messages, such as “I need a favor ASAP”. | Check “Additional Resources” to see what happens if you provide a mobile number to an email like this. |
| Reward | An attacker may create an email that looks as if you will earn something or obtain a reward for completing a task. |
There are other ways that a fraud email may attempt to trick you, but the above are just some of the more popular approaches.
Email Attachment
Attackers may also lure you into downloading attachments that may be harmful to your computer. Attachments may include PDFs, ZIPs, DOCX, PPTX, etc. They may also add links to their emails that go to a fake website. Below is an example of a link that has been tampered with.
Typically, you’ll find that a link to an email address will read as what is visible. However, in the above link, we can see that someone changed the contents of the link. One way to protect yourself is by looking up the website on a search engine, or by manually entering the website address into your address bar on a web browser.
Phishing attempts may be hard to notice at first, but following some of these tips can help you decipher.
1) Do you know the sender of the email? Are you expecting an email from them?
2) Does the email address look legitimate? Does the email address match the service that appears in the email body? Many attackers will use a generic email address but will pretend to be a familiar company such as Facebook or Google.
3) Does the link inside of the email look off? Many attacks will have you click on a website, which will bring you to a fake site. Before you click on it, you can hover over the website link and see where it takes you.