How to Spot a Fake Email

How can you spot a fake email, also known as a phishing email?

Phishing has been around since the 1990s, evolving from a basic tool used to steal users’ AOL passwords into complex and intentionally difficult to spot imitations that appear to be sent by your boss, asking you to transfer tens of thousands of pounds to a fake account.

What exactly is phishing? As the name suggests, “luring” and trying to “catch” something is the end game – often with the intended catch being a user’s email address and password, allowing the attacker to gain access to a mailbox and from there send unsolicited emails on behalf of the unwitting victim.

Whilst phishing has evolved to use complex techniques, there are a couple of key indicators which, if you learn them and keep them in mind, can drastically reduce your chances of being phished! Here are a couple of our favourites:

Check the actual ‘From’ Address:

Snippet of a fake email titled "URGENT! Payment Needed": the From field states Adam Harling; however, the email address is <pishingyou@fakeemail.com>

An eye for detail:

Snippet of a fake email titled "URGENT! Payment Needed": the From field states Adam Harling; however, the company email address is spelt wrong: <adam.harling@nettitude.co.uk>

If the person behind the phishing attack spent a bit more time constructing it, they might try to trick you by making the email address almost identical to the real deal. Always inspect the email address closely – here it’s our domain but with an extra T – at a quick glance you probably wouldn’t spot this!

Would they really say that?

Let’s say the email you’ve received matches the name and email address. So far, so good. You move on to read the body of the email – be vigilant here as this often gives the game away:

  • Is the email written in the style or tone of the person sending it?
  • Are there spelling mistakes or bad grammar?
  • Are you being asked to do something? Send money somewhere, click a link, or give account numbers or credit card numbers?

We recommend asking yourself “would this person really contact me about this?” If you’re in any doubt whatsoever, speak to that person either over the phone or face-to-face. If you reply to the email itself, there’s a good chance the attacker already has control of their mailbox and could reply to confirm the initial request, perhaps more convincingly the second time.

Read the email carefully; look for typos, grammatical errors, random spaces and so on. Sometimes these emails are automatically generated and as a result, can look a bit “robotic” and that’s your cue to question the authenticity.

Did you know we carry out phishing tests and follow-up education for your users as part of our Managed Cyber Security Service?

David West

11 February 2020
