However much we hate them, spam and scam emails are pretty much a part of everyday life. Even more so if you have a website and your email address is easily accessible. Of course, as a business owner you want prospective clients and customers to be able to find your contact details, so hiding your email address away isn’t really the way to go.
One of the questions that comes up regularly from our clients is whether a particular email is genuine or a scam, and we have a list of easy things to check to identify whether the email is suspicious.
What is a scam email?
Before I dive in to the 5 Easy Steps, let’s have a quick think about what a scam email is. It’s usually something that is trying to get you to click on a link which will take you somewhere you really don’t want to go, or asking for details such as bank logins or other sensitive information.
Wikipedia describes an email scam (or email fraud) as “intentional deception for either personal gain or to damage another individual by means of email”. If you are interested to learn more about the different forms a scam email can take, the Wikipedia article on email fraud gives a really great rundown.
5 Easy Steps Video
I have recorded a video taking you through my five steps with examples, which you can view here:
Step 1: Look at the Subject Line and Sender
Sometimes you can tell from the subject line that it’s an email that you don’t want to open. For example, I received one this week with a subject line including the words Urgent Action Required and it was coming from firstname.lastname@example.org <email@example.com>
They are obviously wanting me to think that it’s from my own company firstname.lastname@example.org but the georgina.crewe bit tells me it’s clearly not. So, I know before even opening it that this isn’t going to be genuine.
What would I do in this case? Mark it as junk, delete the email without a second thought and move on!
That was easy right?
Similarly, if it’s an email claiming to be from a bank that I don’t have a bank account with, that will instantly be marked as junk and binned.
But some emails take a bit more inspection to be sure. In which case I will open the email and check certain things. Let’s stick with the Urgent Action Required email for the moment and I will take you through what to check (yes, I know I said I’d delete it but I’ve kept it for the moment as an example!). Here’s a screenshot of the actual email:
Step 2: Who is the email actually from?
So it says it’s from email@example.com. We know that’s nonsense as it’s not an email address that we use in our business, but if I wanted to check if it was actually from someone in my company, I would check the email address it came from. In this case it’s firstname.lastname@example.org:
We can see from this that it’s definitely not from someone in my company, so again it’s very clear that this isn’t a genuine email.
Just a quick word of warning though… it is possible to send emails that look as if they are from a genuine email address. So if they were being very clever they could have made it look like it came from email@example.com – if it’s looking like it’s coming from a genuine email address, do continue with checking the rest of the steps before taking any action.
Step 3: Check Links (but DON’T click on them!)
The next thing to check is where the any links in the email are taking you to. But I can’t stress this enough, DO NOT click on the links!!!
So, back to my example email. There’s a link right in the middle of it – so the intent is obviously to get me to click through. I hate to think where I would end up if I did! The link says “Use Same Access” but if I move my mouse over it in the bottom left of the screen I can see where the actual destination is:
Now, that doesn’t look right does it? Definitely dodgy. So again, it’s mark as spam and delete!
Step 4: Are they asking for any sensitive information?
I expect you’re getting the hang of this now! The next warning sign for me is if the email is asking for any sensitive information. For example, if it’s asking for you to confirm login details or similar. You know that your bank would never ask you for sensitive info by email, don’t you? Whatever you do, don’t hand out any details without checking independently first (i.e. by calling your bank at a phone number you know is theirs, not from any details in the email).
In my example email they’re wanting me to set a password, so that definitely rings alarm bells.
Step 5: Check Spelling and Grammar
And finally, this might sound like a slightly odd step, but one indicator that an email might be a scam is if it is weirdly worded or full of spelling and grammar mistakes. My example email mostly sounds okay, except I find the wording of the link (Use Same Access) a little weird. And in one of my other examples in the video (you watched that, right?) has “we identified pending on your behalf” in the subject line, which to me doesn’t sound like it makes complete sense.
I know we all make typos and get our words muddled at times, I know I do, but weirdly worded emails can be a sure sign that they aren’t genuine.
So here it is, my five steps for easily spotting scam emails. I know that when we’re trawling through our emails every day it can be easy to think something is genuine when it’s not, so just take a moment to pause and think about it – you can quickly run through my five steps and avoid accidentally clicking on something you shouldn’t.
If you’re signed up for our Website Management service, you can use us as your safety net. If you’ve received an email that you’re just not sure about please feel free to forward it to us and we will inspect it for you.
And if you have any questions about our services please contact us and we will be delighted to talk to you.
If you found this useful, why not sign up for our shiny new newsletter so we can deliver our top tips straight to your mailbox.