Search by Keyword

Browse by Topic

Browse by Format

7 Ways to Spot a Fake (& Possibly Malicious) Email

email security tips

The Security Downside of Email

We’re all getting more and more emails every day—especially as work-from-home orders have forced more conversations into the virtual space. Hackers realize this and are taking advantage of it. Phishing and spoofing emails are designed to look like legitimate emails from a familiar sender and entice you to click an innocent-looking link that actually downloads malware...and they're only getting better at it.

Thankfully, these emails have some telltale signs you can spot—if you know what to look for.

1. The Sender

Ideally, you should only open an email from addresses you recognize—yes, addresses, and not simply names. Check the domain the sender is using. An email from Amazon support should be from, not

Some sender's email addresses can look very similar to the ones you recognize. When in doubt, call the person at the number you already have saved for them to confirm the validity of the email.

2. The Recipient and Unexplained CC'ing

Unless you know the sender's address is trustworthy, you should likely never be CC'd anything worth opening. Were you CC’d along with a bunch of random people you don’t know? If so, don’t click on anything.

3. Suspicious Links

Much like the domain, links should be to site with familiar URLs. You can check the destination URL by hovering over the link with your mouse before you click. This rule also applies to unsubscribe links. If you a get a fake email, don’t click unsubscribe, just delete it or flag it as a suspicious email with your email service—not via any links in the email.

4. Time Sent

If you get an email from the accounting department that was sent at 2:00 AM, this should certainly make you incredibly suspicious. Business emails sent at unusual business hours should sound the alarms. Again, when in doubt of the validity of the email, find another means of confirming it.

5. Subject Line Gut Check

In many instances, your gut will help you determine if a subject passes the sniff test. If the subject line looks like spam, it probably is. If you have your doubts about a particular email, do not open it, and confirm its validity through some other means.

6. Unexpected Attachments

Links and attachments are the two most common ways your system is phished. If you weren’t expecting or don’t normally get attachments from the sender, it might not be safe.

7. Content

Spelling errors, bad grammar, offers that are too good to be true, and obvious ploys to get you to click or download are all signs the email might be fake. If the content of an email doesn't sit well with you, go with your gut.

If you have any doubts about the validity of an email, find a means of verifying the legitimacy of the message with the sender. This method of verification should be independent of any information found in the message itself. Never forward any suspicious emails or reply with questions.

Related Articles

Need Some Expert Advice?

Get the business technology solutions your company needs to improve efficiency and business profitability.