Fake email is a problem. Hackers can spoof the appearance of the sender in an email, but email software designers try to keep one step ahead. I’m usually quite good at spotting fake emails but every now and then, when one seems very relevant, I find myself looking twice and double-checking.
I then wonder how it must be for people who are not so technical. So…
How do you spot a fake email?
The easiest way to tell if an email is genuine is to place your mouse pointer/cursor on top of the sender's address or the link and wait. On a computer, you won't need to click. Then take your hand off the mouse: if the pointer moves, the true address may not display.
At some point, depending on the software you are using, a tooltip or pop-up will appear with the actual address, whether it be a web address or an email address. There's a screen-grab of a fake email below. Look at the true domain revealed by the mouse pointer.
Check the Sender
If you're on a tablet or phone, things are slightly different and a little more awkward, but on an iPhone you can tap on the email header once the message is opened and then tap on the sender link which appears after From: [Address]. The sender's email address should then appear as a contact. Look at the part of the email address after the @ symbol to be sure that it is from the domain that it claims to be from.
Clicking on the sender and viewing the contact details may also be possible in Gmail and other apps on Android devices, although some users report that this is not possible. Never open an attachment if you have doubts about the sender, and remember also that carelessly tapping or clicking on a link (other than the address in the header) could lead you to a malicious website, damage your device or compromise your privacy and security.
Inspect Links
If you are using webmail (you access your email by going to your provider's website), hold the pointer over the link in question and the URL (address) containing the domain will be displayed, sometimes at the bottom of the page and sometimes as a tooltip-type pop-up, depending on your browser.
Have a look at the domain that appears. In an email address it's simple: just the part after the @. Website addresses take a bit more time to decipher because of 'subdomains' that can appear before the actual domain name. The domain is the bit at the end of the dotted section, just before the first single slash (if there is one):
e.g. evilhacker@fake-site.net
or http://fake.spam.intrusion.fake-site.net/email/fake/message.htm
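As an added example, not part of the original post, the Python below applies the rule just described: take the host part of an email address or URL, keep only the registrable domain at the end of the dotted section, and compare it with the domain the message claims to come from. The sample addresses and the short list of two-part suffixes (co.uk and friends) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples modelled on the post's examples (not real sites).
SAMPLES = [
    "evilhacker@fake-site.net",
    "http://fake.spam.intrusion.fake-site.net/email/fake/message.htm",
    "https://login.mybank-example.com.fake-site.net/secure",  # look-alike subdomain
    "http://mybank-example.com@fake-site.net/login",           # user-info trick
    "support@mybank-example.com",                              # the genuine one
]

# Hand-picked two-part public suffixes; a real check would use the Public Suffix List.
TWO_PART_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.au", "co.nz", "co.jp"}


def host_of(address: str) -> str:
    """Return the host of an email address or URL, lower-cased.

    Email: everything after the last '@'.  URL: the netloc from urlsplit with
    any 'user:pass@' prefix and ':port' suffix removed, so that
    'http://mybank-example.com@fake-site.net/' is read as fake-site.net.
    """
    if "://" in address or "/" in address:
        if "://" not in address:           # scheme-less link such as fake-site.net/login
            address = "http://" + address
        netloc = urlsplit(address).netloc
        netloc = netloc.rsplit("@", 1)[-1]  # drop user-info
        return netloc.split(":", 1)[0].lower()
    return address.rsplit("@", 1)[-1].lower()


def registrable_domain(host: str) -> str:
    """Keep the last two labels, or three when the suffix itself is two labels."""
    labels = host.rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def domain_of(address: str) -> str:
    return registrable_domain(host_of(address))


def matches_claimed(address: str, claimed_domain: str) -> bool:
    """True only when the real domain equals the one the message claims."""
    return domain_of(address) == claimed_domain.lower()


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:65} -> {domain_of(sample)}")
```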
Preventing Junk / Spam
Spoofed or fake emails are quite different from regular, legal junk mail, but you can attempt to control them along with all the unwanted 'legitimate' emails you receive. Actively using your spam folder, marking messages as spam or junk and unsubscribing from unwanted emails all help to some extent, and you can usually adjust the spam controls with your email provider to reduce the number of malicious emails that reach you.
Be aware that doing this can result in 'false positives', i.e. good emails that end up in the Junk folder. So if you alter spam settings in your software or with your provider, check the Junk folder to see whether good emails have ended up there, especially just after you make changes.
Learning how to spot a fake that appears to be from someone you usually trust is still important, because illegal spammers and hackers constantly change the addresses they send from, making it harder for email security software and email providers to detect them and keep them out of your inbox.
And If You Are Not Sure?
Many malicious messages are designed to be scary. If you are unnerved by a suspicious email claiming to be from your bank or some other organisation, you might be tempted to click the link in the email and investigate. Don't do it. If you want to visit their website to put your mind at ease, use a search engine or, better still, type their address into the address bar of your web browser.