Have you ever wondered how you can tell if an email is fake? We’re referring to hoax emails when we talk about fake emails that are sent to defraud you or trick you into doing something you shouldn’t. These emails are classified as phishing emails as well.

Phishing emails are used to carry out a number of cybercrime schemes. Every day, we all get several emails, many of which end up in our spam files. Yet phishing emails easily escape the scrutiny of the email client several times and are sent to our inboxes.

So, we’ve got you covered if you’re wondering how to spot a fake email or, more importantly, how to say if an email is fake or true.

7 Tips for How to Tell If an Email Is Fake

Inspect the Email Header Info to Verify Whether the Sender’s Address is Legitimate

The fact that the attackers claim to be legitimate businesses or individuals is the first sign of a phishing email. By posing as a legitimate individual or corporation, the victim of the cybercriminal is more likely to assume that the email is legitimate and will engage with it.

“Legitimate organisations usually send emails after the “@” symbol from email addresses containing the domain name of the corporation. xyz@wellsfargo.com, xyz@amazon.com, xyz@apple.com, and so on. In other words, what comes after the ‘@’ sign should be the property of the organisation. You must own the domain name to have such an email address, or an approved individual from the organisation needs to build one for you.

Here’s how to say whether an email purporting to be from a well-known company is fake:

The email from the sender comes from public email addresses such as Gmail, Hotmail, Yahoo, AOL, etc.
The email is sent from an unspecified domain.
The sender’s name does not fit the name in the email address.

For instance, if the sender says that the email is from Chase Bank, the email address of the sender must be @chase.com or @jpmorgen.com. It’s a major red flag if the sender’s email address ends in “@gmail.com” or any other odd domain name after the @.

Look for Deceptive Domains and Spellings in Email Addresses

Some attackers are smart enough to not use a generic email address. They buy domain names that look similar to the legitimate company’s domain that they wish to impersonate. They commonly add extra words or replace some of the letters/words in the original domain name. Check out the below table to get a clearer idea of how scammers use deceptive domains:

Trick Example Example
Original domain Duplicate domain
Replace “S” with “5 chase.com cha5e.com
Replace “m” with “rn macys.com rnacys.com
Replace “L” with “1” wallmart.com wal1mart.com
Replace “O” with “0” wellsfargo.com wellsfarg0.com
Add extra words apple.com ebay.com apple-online.com ebaysupport.com

Now, even if email recipients are vigilant, they might fail to see the difference between support@wellsfargo.com and support@wellsfarg0.com! A perfect example of this occurred recently when an employee of “Shark Tank” star and entrepreneur Barbara Corcoran fell for a phishing email. The attacker sent an email to Corcoran’s bookkeeper while impersonating her assistant and instructed the bookkeeper to pay to a vendor that Corcoran allegedly invested in.

Thus, it’s vital that you always review the sender’s email address with extra caution.

Watch Out For Uncommon Uses of the Email Bcc Field

In some emails, instead of receiver lines, you will find your email address specified in the Bcc sector. Although there is theoretically nothing wrong with keeping the receiver in the field of Bcc, when dealing with clients, it is rare for organisations to do so. For example, to check the account details or to request customers to download the transaction receipts, no legitimate business will send a blind carbon copy email. About why? And they will make direct contact with you.

If your email address appears in the Bcc area rather than in front of “To:” or “Send To:,” the email is most likely a scam.

Look at how the sender includes my email address in the Bcc column rather than the recipient (To:) area. Even, to mislead the receiver, see how smart the sender is by using “@amazon.com” as part of the sender’s show email address.

Check Whether Embedded Links Redirect to Unexpected Websites

Unexpected redirect links are another feature of a fake email. The email’s embedded links must guide you to the same web page as the link itself. Scammers, however, use text that looks like it would take you to a legitimate website, but actually you are taken to a phishing or malicious website by the hyperlinks they embed.

You get an email that looks like it’s coming from PayPal, for instance. It is informing you of an attempted unauthorised login and demanding that you change your password to secure your account. You can change your password by going to https://www.paypal.com/account/passwordChange. As the connection looks legit, you think it’s safe to click. But when you click on this page, you will be redirected to a spam website that looks legitimate because it uses the design of the website, colours, fonts, and logo of PayPal. Here, you can try to trick the fake website into sharing your login credentials or other sensitive information.

Some links may guide users to a malware-infested website that instals malware on their devices without their knowledge. The majority of malware is sent via email, according to Verizon’s 2020 Data Breach Investigations Report (DBIR).

Often, in the ‘Unsubscribe’ tab, malicious redirects are even concealed.

But, without actually clicking on the connection, how can you say if it’s legitimate? You can search for fake ties in suspicious emails in two ways:

1. To show the real URL, hover your cursor over the page. Hovering your mouse over the link will reveal the destination, as seen in the screenshot below. If the pop-up URL is different from the details that the linked text shows, it is likely to be a malicious connection. Don’t give it a click!

2. Right-click on the appropriate connection (or button) and pick ‘Inspect’ from the drop-down menu.

  • On the right-hand side (or at the bottom), you’ll see a new window pop up with a bunch of code.
  • Here, you’ll see a URL after <a href= text.It is where the given text/media links to. In other words, it shows that if you click on the link, it will take you to that specific URL.

I’ve right-clicked the word authentication and picked Inspect from the menu. The URL of the website that is connected with the term authentication can be seen on the right side. (NOTE: Not all email clients allow the elements to be inspected this way.)

You can always inspect the suspect ties, media, and buttons by following this technique.

An Extra URL Searching Tip

If one of the links you see uses a condensed URL (links starting with tinyurl, bit.ly, goo.gl, is.gd, t.co, etc.), you can use this page to see the extended URL: getlinkinfo.com.

Historically, people have been shortening URLs to make links look more professional and take less space. Spammers, on the other hand, are also using URL-shortening software to conceal their malicious connections.

Pay Attention: Don’t Ignore Unusual Spelling and Grammatical Errors

It’s a red flag if an email includes multiple grammatical, spelling, or punctuation errors. Strict email protocol and editorial guidelines are practised by legit firms. Although some minor typos may occur on occasion, it is unusual to see multiple errors in a single message. Never ignore mistakes like that.

Check out the example below for a few explanations of how to say whether an email is fake. Although you can spot that the email is fake from the odd email address of the sender, there are also other red flags. Find out the mistakes in spelling and punctuation (marked with red underlines). With too many glaring mistakes, a respectable business like Apple doesn’t send an email.

Ask Yourself Whether the Language Seems Fishy, Pushy, or Urgent

Emotional responses such as rage, shock, empathy, panic, curiosity, etc. would be activated by scammers. They’re more likely to trick their goals into doing something they wouldn’t usually do by doing so.

They may, for example, send you emails about the following topics:

  • A great offer/discount on the items.
  • Winning a high-priced lottery
  • Work Offering
  • Unauthorized Your User Access
  • Data-breach of your credentials incident
  • Credit Reports for Free
  • A (fake) purchase from your account (see the screenshot from Amazon in the preceding point)
  • A fundraising initiative for poor/rare disease sufferers/victims of natural disasters

There are several things that evoke emotional answers from recipients of emails. Hackers understand this and will use email subjects that will stimulate targets to take action without stopping to thoroughly inspect or analyse the emails.

As you can see, because of some mysterious bank-related problems, this example email mentions a temporary hold on the Stripe account. Now, after reading such an email, it is possible that individuals using Stripe on a daily basis (businesses, freelancers, advertisers, remote workers, etc.) will get nervous and attempt to reply immediately.

Hackers enjoy creating a sense of urgency. Scammers often enforce time limits to compel users to take prompt panic action. Take a look at the email below for an example. Along with the threat of account suspension, a deadline is listed. Attackers often put 24- or 48-hour deadlines on victims. These deadlines compel users to take the actions suggested in the email promptly.

Ask Yourself if Email Attachments Are Unsolicited or Unexpected

When it comes to email attachments, a good rule of thumb is to ask yourself, “Did I request this information?” Cybercriminals often send emails with fake attachments in the hopes that you will unintentionally download their malicious executables. These attachments may take a variety of forms, such as:

  • Invoice documents
  • Receipts for payment
  • Photos or other graphics
  • Pricing sheets
  • Spreadsheets

Take a look at the phishing emails that one of my colleagues sent.

In this case, Outlook was able to quickly recognise the attachment as a potentially dangerous or suspicious file. That’s not always the case, however, and malicious attachments move through email filters several times.

Document-based malware has become relatively widespread like this. This is because Microsoft and Adobe introduced the ability to use scripting and macros to make Word and PDF documents behave like executables. Some extra concerns are shared by Sophos:

Certain forms of document-based malware are able to spread to other documents on an infected device. Once there, the malware could end up being spread by any legitimate document a user sends to friends and colleagues.

If you’re unsure if an email or an attachment is fake or not, contact the sender directly. Preferably, use a number that is specified on an official source such as a business contact directory to call them by phone. Never contact anyone using the contact details contained in a shady email!

Be Vigilant (Even If the Email is From a Legit Email Address)

When attacks use a false email address, the above tips will help you decide whether an email is fake. But what if you get from a friend or relative an odd or unsolicited email from their authentic email address?

There are various forms of malware and cyber attacks that can infect the computers of a user and send phishing e-mails to other victims on their behalf. The emails from the sent folder can be removed by these forms of malware, and the victims remain unaware of such a compromise. There is no exact way for a “unusual email” to be identified, but just use your instincts. Something might look or sound “off” about the email; for instance, the email might ask you to:

  • Move money immediately to help them.
  • To get the advantage of an amazing (unrealistic) deal/discount, open a website.
  • Donate money to some agency that is unknown.
  • Please include your phone number, files, or personal details in your response.
  • Download a piece of software, an attachment, or a piece of media.

If you receive such an email, you should call the sender directly (even if the email is from a valid email address) before taking any of the actions suggested in the email. Your loved one’s email address could be hacked, and they are totally unaware of it!

Why Cybercriminals Send Fake (Phishing) Emails

With their email phishing tactics, scammers are getting smarter and more creative and even the most diligent individuals are victims of email phishing scams.

Emails about phishing are sent to:

  • To get victims to connect with you, build a sense of urgency.
  • Deliver malware through attachments or connections to the victim’s computer.
  • Redirect victims to a malicious website or a website that looks like a copy of the website of a reputable organisation.
  • Trick recipients into sharing their login credentials, financial records, or other sensitive data.

To protect yourself and your business from email phishing scams, it’s imperative that you and your employees learn how to identify a fake email.

Wrapping Up: What To Do If an Email Is Fake

The seven tips listed above will certainly help you spot a fake email. But what do you do if you get such an email? Ignoring fake emails like that won’t be enough. As soon as you get them, you can also remove phishing emails. However, before you delete them, you should:

Block the sender: Select the More option on the email (three vertical dots). It can be found in numerous locations in all email clients. On the upper right side of the email, for example, Google Chrome’s More tab is located. It can be found at the bottom of the email in Yahoo. Click on “Report as spam” and “Disable this person” to check for the three vertical dots.

You can right-click on it in your inbox if you don’t want to open the email. Go to Switch To and pick Spam from the drop-down menu in Gmail, for example.

Report the Phishing Email: If you receive a phishing email from someone posing as a business, forward it to the company’s official customer service email address.

If you’ve become a victim of cybercrime as a result of a phishing email, file a complaint with the following organisations:

  • FBI Internet Crime Complaint Center (IC3)
  • U.S. Federal Trade Commission
  • The Anti-Phishing Working Group (APWG): reportphishing@apwg.org

Categorized in: