In today’s digital world, email is one of the most popular ways to communicate. But it’s also one of the most common ways scammers and cybercriminals target us — and these attacks can come in many different guises.
It’s particularly important to watch out for phishing scams, in which malicious actors pose as trusted organisations or people to steal sensitive information, are on the rise. As such, it’s crucial to be able to verify the legitimacy of an email before interacting with its content.
Here’s a guide to help you check if an email sender is truly who they claim to be.
The very first thing to do is read the email. Sometimes the grammar or general language will raise an immediate red flag. You will likely have have a good idea of how a friend or family member speaks and writes. So if you receive an email that doesn’t reflect that, it would be an indication that the email is not legitimate.
Another tip is to closely inspect the sender’s email address. Many phishing emails use addresses that look similar to legitimate ones but may contain slight differences. For example, an email from “service@netflix.com” could be altered to something like “service@netfliix.com” or “service@netflix-support.com”. These small variations can easily go unnoticed at first glance, so take a moment to examine the full email address.
Legitimate companies will usually send emails from their official domain. For instance, a bank will use “@yourbank.com” rather than a generic email provider like Gmail or Yahoo.
At first glance, the logos and colours of an email can look real. Malicious emails will often use legitimate logos and fonts in their content that can easily catch anyone off-guard.
Phishing emails are usually sent to millions of email addresses so they tend to not be personalised. These emails often use generic greetings like “Dear Customer” or “Dear User” instead of addressing you by name. Legitimate companies usually personalise emails and address customers by their full name, especially when it comes to important matters like account security or billing. If you receive an email that opens with a generic greeting and is supposedly from a company you do business with, this could be a red flag.
Legitimate companies take great care in the communication they send to customers. If you receive an email filled with obvious spelling and grammatical errors, that’s a strong indicator it may be fraudulent. Scammers often send out poorly written emails in an attempt to trick recipients into clicking on malicious links or downloading dangerous attachments.
One of the main goals of phishing emails is to get you to click on a link that directs you to a fake website designed to steal your personal information. Before clicking any link, hover your mouse over it to see the actual URL. If the link looks suspicious or doesn’t match the sender’s official website, do not click on it. For example, a legitimate PayPal email should link to “paypal.com,” not something like “paypal.verify-account.com”.
Scammers often create a sense of urgency in their emails to pressure you into acting without thinking. Phrases like “Your account has been compromised” or “Immediate action required” are commonly used to provoke panic. While legitimate companies may send warnings about your account, they will not typically threaten immediate consequences without giving you a reasonable time to act. If the email seems overly urgent or threatening, proceed with caution.
If you’re unsure about an email’s legitimacy, do not reply directly to the message or use any contact information provided in the email. Instead, go to the official website of the company and use their verified contact information to reach out. For instance, if you receive a suspicious email from your bank, call the customer service number listed on their official website to verify whether they sent you the email.
Many email services, like Gmail and Outlook, offer built-in tools to verify the authenticity of emails. For example, Gmail will display a small key or shield icon next to the sender’s email address if it’s been verified through email authentication standards like DKIM (DomainKeys Identified Mail) or SPF (Sender Policy Framework). While not foolproof, these markers provide additional confidence that the email is coming from a legitimate source. Email programs use a score system to determine if emails are legitimate. Each indicator of possible spam increases the score to the points that the email is deemed spam when that score reaches a threshold. Trust your spam filter.
Cybercriminals are becoming increasingly sophisticated, but by staying vigilant and following these simple steps, you can avoid falling victim to phishing scams. Always take the time to check the sender’s email address, watch out for generic greetings and poor grammar, verify suspicious links, and don’t hesitate to contact the organisation directly if something feels off. Staying cautious can save you from potential identity theft or financial loss.
It’s important to remember that suspicious emails can sometimes be legitimate, even if it fails one of the checks above. For example, you may do business with a local company which does not have a web site. An email from that company may come from a gmail account. The key is to combine all of the tips above, with a healthy dose of suspicion and common sense, to help you make an informed decision about the legitimacy of the email. If in any doubt, use contact details that you already have for the sender and reach out directly.