How to Know if An Email is a Scam

E-mail has been a primary mode of communication for almost three decades now. While it became popular in the 1900s, it didn't become ubiquitous until the early 2000s. And where something is popular, there are people out there who want to take advantage of that popularity. We have come to trust email that same way we trust any other message. But every so often, a scam or spam message may end up in your inbox.

Most email systems are good at filtering out false or fishy emails. Typically they land in your Spam inbox and can be immediately discarded. However, sometimes an email may fall through the cracks and end up in your main inbox. If you believe an email in your inbox is a scam, there are

Warning!

If you have a suspicion that an email is a scam, do not click on any links. Thankfully there isn't much that can be done if you merely open the email. But if you click on a link, download an attachment, or respond, you could be forfeiting important information.

If you do open the email, the hacker can still learn:

• Your location.
• The internet service provider or mobile carrier you use.
• The device you used to open the email (desktop, tablet, iPhone / Android).
• What operating system you’re using (iOS, Mac, Android, Microsoft Windows, Linux).
• The email client you’re using (Apple Mail, Outlook, Gmail, or Yahoo Mail). 
• Which web browser you’re using (Apple Safari, Google Chrome, or Firefox).

Common Red Flags

You can typically tell an email is a scam if it checks even one or two of the following boxes:

Poor spelling and grammar

While you shouldn't assume that every single email with a typo is a scam, if the email is particularly poorly written, it may be a scam. Often but not always, these scams come from overseas and the person who wrote it may not be a native English speaker. Or the email may have been put through language translators. Either way, keep an eye out for obvious mistakes to spelling and grammar that you would not expect from that person or company.

Requests for unusual information

These scam or phishing emails are usually aimed at collecting information from you, such as passwords, bank account information, addresses, and even social security numbers. As a result, the body of the email may contain a request for that information. For example, the email may claim to be from Netflix and tell you that your account bank details aren't working, that you need to reset/reenter your login password and payment information. It may claim to be from PayPal and tell you your account has been compromised, to please re-enter your credentials.

In reality, companies like this would never request this information via email. At most, they'd tell you to log into your account through your own means and correct the problem. If they tell you to click a link within the email to do so, it's probably a scam.

Weird links

Speaking of links, these emails will include links that don't go where they say. A lot of the time, the goal of a fake email is to make you click a link which will steal your sensitive information. You can double-check a link before clicking on it. Open the email on a computer, then hover your mouse cursor over the linked text without clicking. At the bottom of your browser, you should be able to see the full URL. You can also right-click on the link and choose "Copy Link Address", then you can paste the URL into a document to examine it.

You would expect to see a normal link that is more or less legible. However, if you notice that the URL has a ton of random strings of letters and numbers, that could be a dangerous link.

Weird email/domain

Look at the email address that the message came from. It should align with who the email says it's from. For example, if you get an email from Chase bank, you might expect the email to be something like no.reply.alerts@chase.com. However, if you notice it's from chase@gmail.com or tu768we@chase-1266.com, you should be suspicious. You can copy and paste the email address into Google and see what results turn up. If the email aligns with existing website contact pages for that company, you're in the clear. If not, you're on the right track.

Something too good to be true

Many of these scam emails will lure you in with the promise of something amazing. Some of the most popular are notifications that you've won money, tickets to a cruise, an Amazon gift card, or something similar. If you know for a fact that you didn't apply or sign up to a contest, you can assume immediately that these emails are fake.

How to confirm that an email is a spam

The single most effective way to determine the validity of a fishy email is to reach out to the sender another way and ask. Call the person or company, use a previously verified email, or reach out through social media instead. You can include a screenshot of the email in your message and let them know of your concerns. They should then be able to confirm whether or not you can trust that email.

You can also compare the email with a previous email from the same person or company. Look at the logos, the email address of the sender, the footer of the email. Look for discrepancies and differences. This isn't a guaranteed way to tell the difference since many scammers will replicate existing email layouts. But it's another step you can take to protect yourself.

Did you already click on a link in a scam email?

Don't panic! Follow these steps and protect your information as much as you can.

1. First disconnect from your internet. Turn off your Wi-Fi or mobile network. This lowers the rise of malware sending data from your devices.
2. Use an antivirus software to scan your device. Even if you don't notice any changes to y our phone or computer right away, sometimes malware can lay dormant. Scan your device for malware or viruses as quickly as possible.
3. Notify any companies that may be affected. For example, if the scam email was after bank account information, notify you bank that your information has been breached. They may be able to monitor your account and either prevent or protect you from the repercussions of any large withdrawls.
4. Re-secure any information you may have shared. Go change your passwords to any accounts the hackers may have accessed or that are stored on your computer. This is really the only guaranteed way to lock people out of your accounts once they have potentially gained access.
5. Harden your accounts as a preventative measure. Wherever you can, enable two-factor authentication on your accounts. That way if the hackers did access your passwords, they still won't be able to use them. If you have many credentials to keep track of, use a password manager like LastPass or 1Password to manage them and protect them.