Tech Talk Logo

We all get fake emails all the time. Some are really easy to recognize, and others look like legitimate emails from legitimate places. How can you spot the difference?

The fake email from a friend

Sometimes, you will get emails that appear to be from a friend, but they aren’t really from your friend. This is because someone has either gotten hold of the contact list of either you or your friend, and is sending you an email that has their name and email address on it, but it isn’t really your friend.

These emails tend to be short little “Check out this site” or “You won’t believe how well this works” emails with no explanation about what the link is that they are sending you to. If you get something like this, you should immediately suspect it as being fake, because that’s not usually how friends send emails to each other, and the link could be sending you to a site that is set up for nefarious purposes.

When you see these kinds of messages, look at the email address. It is likely not from your friend’s email address. If you don’t see the address, somewhere in your email platform you should see something that allows you to see the message header or view message source.

This is an example of a fake email sent to me in Outlook, which is a common online email system.

 example1

Notice that it says “This email address is being protected from spambots. You need JavaScript enabled to view it.” as the email address? This is not Stacy’s real email address. Someone has gone through a lot of trouble trying to make things look like they are coming from her though. If I wasn’t paying attention, I might click that link and think that whatever was on the other side of that link is endorsed by Stacy. I might also click that link and it infects my computer with malware using some sort of exploit. Either way, it is best to not click those links, just to be safe. I have checked that link out though, and it is an advertisement for a weight loss product masquerading as a news article.

This is the most likely way someone will send you fake emails, although if your email server doesn’t have good spam protections, someone could actually use your friend’s real email address, but send it from a different server.

Now, if you view the headers or the message source, there are other clues that can tell you whether or not the email is fake, even if the email address is a correct one.

example2

Now, your source probably won’t look exactly like this, but you will see similar things depending on your email provider. In red, where it says “smtp.mailfrom=speedy.com.ar...”, we have seen that this email has come from the domain “speedy.com.ar”. This should resemble the section of your friend’s email that comes after the “@” symbol. In this case, it does, but we know this is not Stacy’s email address. If it didn’t match the email address your friend has, your friend’s email address was spoofed and the email was sent through a different server.

In the green box, it is showing the results of the “SPF” check. This is a bit of information that the email host makes available telling all email servers and clients what IP addresses are valid originators of their email addresses. If you don’t see this, the email could still be fake.

How to spot fake business emails

You can spot fake business emails the same way you spot fake personal addresses. Fake business emails are a bit easier to deal with in most cases though. With fake business emails, you will often see something warning you that you need to login to your account right away, and fix something with your account. They will often give you a link to click. Everything else looks legitimate. The same logos are used, pictures may be used. It may look virtually identical to all other emails you get from that place. My advice is, if you have not verified that the email is real through the headers, don’t click any links. Enter the site into the address bar of your web browser manually. For instance, if it appears to be a message from PayPal, go to paypal.com and sign in manually. If anything is wrong, you should get a message somewhere letting you know of the problem. The reason I say to enter the address manually is because a link can be fake as well. I could create a link to an odd site, and make it look like the site you expect to see. What can happen if you click the link is that you are taken to a site where they will supply you with what appears to be the site you expect to see, and big boxes there asking for your email and password. Once they get that information, they can log into your account at the actual website, lock you out, and do all sorts of evil things.

Hopefully, these tips can help you avoid fake emails in the future. Just keep in mind, you know how communications to you from legitimate sources normally look. If there is any suspicion at all, double check, and be safe.