Skip to content

Internet - Spot a fake email

Top tipsDo you know all the tricks to spot a fake email? Here are our top tips on spotting spam and phishing emails. Spam is sending the same message indiscriminately to large numbers of recipients over the internet. Phishing messages are trying to "fish" for personal or financial information.

Where does spam come from?

Junk can come from hijacked computers. These people are responsible for not securing their PC but not directly responsible for the spamming. Spammers can scan web pages looking for email addresses in contact pages or posts. Some of the time they just guess using a software program to generate combinations.

Check the senders email

Parts of an email addressIt is the email address next to that name you should check even if the sender name is someone you know. Compare the address to the one your friend usually sends from. In the case of the example fake email it says it is from Fox News, then one would expect the email address to contain The domain name portion of the email address is often the same as their main website domain name. Fox News website is, therefore their email address would be

Some spammers use cleaver tactics such as registering different domains similar to legitimate businesses. For example, the clues here are the country extension of ‘Poland’ and the ‘myfox’. Most legitimate companies keep their addresses as simple and easy to remember as possible. If the address looks overcomplicated don’t trust it. To verify the information go to their main site yourself instead of clicking the link.

Official illusions

Spam creators go to great effort to make their offer sound real. Physical addresses, quotes from satisfied customers, officials notarizing their product, even copyright clauses as in the example above. One of the easiest ways to check these facts is by comparing them to the official site. Some spam provides the opposite, as little data as possible to identify its authenticity. For example some will simply say ‘check this out’ or ‘you might like this’. Usually the senders email will give away these fakes.

Threat tactics

Many will try to provoke the user into action using threats of what will happen if you do not comply. Some may say your account will be closed, you will miss out on valuable benefits, some may even say your putting your account at risk by not actioning it now. These are common tactics in the financial industry scams where they want you to login and change your password. Some go to the extent of rebuilding a look-a-like page of the banks login. I even saw one fake that linked to the real websites terms and conditions for authenticity, however the login link and page was a fake designed to steal login information. Personally for all banking matters I type the correct address in manually each time.

Link check

Most mail programs have a way of viewing the link before you click on it. It is important you learn how to do this in your mail program. Usually you simply hover over the link and in the status bar at the bottom of the window will display the address. It is the only way to know where clicking that link will take you. This works for Outlook, Outlook Express, Gmail, Hotmail and many others. The pictured fake email example has zero links that point to Fox News or science articles.

Internet COuntry CodesCountry extensions

Many scammers will take a popular address in a foreign country and then email people pretending to be that company. In the fake email example all linkes are appended with .pl the country code for Poland. On the right hand side you can see a list of country codes.

Poor writing skills

Often spam is sent from other countries which have weaker laws or are less likely to prosecute offenders. Because of this the language used may be their 2nd or 3rd language. In our example email at the top, the body of the text clearly shows English is not their primary language. Parts of it do not even make sense. If this was research from American Scientists delivered by Fox News you would expect that they could use basic English.

What to do with spam

Do not reply – There is no point in replying to spam. It is highly unlikely the reply address is valid. You would only be confirming your email address is valid and active.

Do not unsubscribe – If the email is from a reputable company or membership unsubscribe works perfectly. However if you suspect it is spam do not use unsubscribe. You would only be confirming your email address is valid and active.

Delete it – Do not action any links simply delete the email.

Report it   – General Spam In this case I would just delete it unless you feel the company who’s name is being used should be notified. If the spam is from someone you know, recommend they clean their pc and change their email password.

Report it – Illegal or Fraudulent Spam For dangerous spam we suggest you report it. Most countries now have departments set up to accept spam and fraud reports. Due to the security risks these emails pose to business such as banks, they have their own divisions for handling spam and fraud. This includes many online services such as PayPal who rely on the internet and need to respond quickly to security threats. If you are considering reporting a scam look for local reporting agencies. Here are some examples of organizations offering reporting and advice:

US - Department of Justice or Internet Crime Complaint Center
UK - Office of Fair Trading or Metropolitan Police
Australia - ACCC Scam Watch
New Zealand - Serious Fraud Office or Commerce Commission

  • Facebook


No Trackbacks


Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

Form options