BBB Tip: How to recognize a phony email

Email scams are becoming increasingly sophisticated, so don’t rely on your spam filter to catch every trick. The following tips will help you to recognize scam emails and delete them.

email marketing concept, person reading e-mail on smartphone, receive new message Email scams are getting more clever. Don't fall for it with these tips.

According to the 2020 Internet Crime Report, phishing scams were among the top three scams reported in 2020 and victims lost the most money to business email compromise scams. Email scams are becoming increasingly sophisticated, so don’t rely on your spam filter to catch every trick. The following tips will help you to recognize scam emails and delete them, long before they result in identity theft or financial loss.

Example of an email scam that creates a sense of urgency

Ways to Spot Email Scams

  • Recognize common tactics. Phishing emails generally use the same tactics over and over to trick victims. Scare tactics and emails that produce a sense of urgency are quite common in phishing scams, as are promises of rewards that sound too good to be true. For example, if an email says there is a problem with your credit card or your account is about to be deleted if you don’t click a link immediately, it’s probably a phishing threat. If you get an email asking you to click a link or log into an account to get a surprisingly good prize, offer or even a government grant, think twice.

 

Example of an email scam with a fake unsubscribe link
  • Take a closer look at the sender and recipients. An email may come to you in the name of a reputable company but look closely at the sender’s email address. If the address is unrecognizable, perhaps a long string of letters and numbers that don’t make sense, it’s probably an impostor. Don’t be too quick to trust email addresses with company names in them either. An email may come to you from an address that ends in @my.netflix.work, which is a far cry from an official email ending like @netflix.com.

  • Double check hyperlinks before you click on them. Roll over any links in an email you receive before you click to see where the link really leads. Suspicious links are one of the main giveaways of email scams. Sometimes, the links are shortened using bit.ly or a similar service so you can’t tell exactly where the they at first glance. Other times, when you roll over what looks like a real link, you’ll find the address doesn’t correspond with what’s stated in the blue link text. Another red flag is if the link looks familiar but contains slight misspellings. Always check that a link is legitimate before you click on it, otherwise it could lead you to a dangerous website or download malware onto your computer.

  • Don’t be quick to confirm personal information. Most scam emails are designed to look just like emails you receive from a business you trust, but with unusual requests. For example, if your bank suddenly sends you an email asking to confirm personal information, such as your account number and address, don’t reply and delete the message. If any company sends you an email asking you to provide your login credentials via email, this too is a big red flag. If you think that an email could be legitimate, it’s always a good idea to contact the company directly – not via any link or contact information in the email – to inquire.

 

email sender is not amazon
  • Be alert to poorly written emails. Many scam emails are full of grammatical errors, poor spelling, and strange sounding phrases. Remember that legitimate companies have their email messages written by professionals, edited and revised so they never come across as unprofessional. If you get a poorly written email from a reputable business, it’s probably a phishing scam.

  • Be wary of attachments, even if they are sent by a friend. If you receive an email with an unexpected attachment, don’t be too quick to open it. If you click on a malicious attachment, it could download a virus or malware onto your PC or network. Even if it looks like you know the person or company who sent the message, check with them first to make sure the attachment is safe.

  • Keep your security software up to date and running. The FTC recommends protecting your computer and mobile devices with security software that can help you recognize threats before it’s too late. Keep any software you install up to date so it can protect you against new threats. In addition, if you think you clicked on a dangerous link by accident, you can open up your security software and run a scan right away to identify and potentially contain the threat.

 

For More Information

Stay alert to these and other scam tactics by visiting BBB.org/ScamTips.

If you think a scammer has your personal information, visit IdentityTheft.gov to learn what specific steps you should take, based on what information was compromised.

Report any scams you encounter across at BBB.org/ScamTracker.