Spam email has always been a nuisance, but now it’s becoming costly. It’s being used to steal billions of dollars a year from unsuspecting people like you and me. While I think I’m pretty good at detecting fraud, I’ve been fooled a few times, particularly when the email contained personal information that made me think we had a previous relationship. But there is one simple way to detect fraudulent email, regardless of the type of fraud that I’ve listed below:
1. Phishing Scams– Fraudsters impersonate legitimate organizations to trick you into providing sensitive information (passwords, credit card numbers, etc.).
2. Spear Phishing– A targeted attack against a specific person or organization, often using personal details to appear more convincing.
3. Business Email Compromise– Scammers impersonate company executives or employees to trick businesses into transferring funds.
4. Lottery & Prize Scams– Emails claim you’ve won a lottery or prize, but you must pay fees or provide personal information to claim it.
5. Fake Charity Scams– Fraudulent emails ask for donations for fake charities, often after natural disasters or crises.
6. Tech Support Scams– Scammers pose as tech support from Microsoft, Apple, or another company, claiming your device is infected.
7. CEO Fraud– A scammer pretends to be a high-ranking executive requesting urgent action, like a wire transfer.
8. Invoice and Payment Fraud– Fake invoices trick businesses or individuals into paying for goods or services they never ordered.
9. Malware & Ransomware Attacks– Emails contain malicious attachments or links that install malware, encrypt files, or steal data.
10. Sextortion Scams– Scammers claim to have compromising images or videos and demand payment to prevent release.
11. Employment Scams– Fake job offers require an upfront payment for training, supplies, or background checks.
12. Tax and IRS Scams– Scammers pose as tax authorities, threatening legal action or demanding payment.
13. Toll charges– Scammers request that you go to a site to pay a toll charge you’ve incurred.
14. Fake Subscription Renewals– Emails falsely claim your subscription is expiring and urge you to renew via a scam link.
15. Investment & Crypto Scams– Emails promise high returns on investments or promote fake cryptocurrency schemes.
16. Delivery Scams– Fake shipping notifications trick recipients into clicking malicious links.
17. Account Verification Scams– Fake emails claim your account (bank, PayPal, social media) has been locked and needs verification.
18. Gift Card Scams– Scammers impersonate someone you trust, asking you to buy and send gift card codes.
19. Fake Refund Scams– Emails claim you overpaid and need to provide bank details for a refund.
20. Social Security & Benefits Fraud– Scammers pretend to be from government agencies, claiming benefits are in jeopardy.
You never want to click on attachments or respond in other ways to these emails. Opening an attachment can infect your computer. While many of the emails may look convincing, it’s easy for them to copy and paste logos. letterheads, and photos from real sites.
As an example, one friend received an email from Chase that looked exactly the same as previous Chase emails, saying there was a secure message waiting for him. It asked him to click to log in to his account; that one click made his life miserable for a week. He should have gone to his Chase account directly to see if there was a message, rather than clicking the link in the email.
How to detect a fraudulent email
While there are many different schemes, even more than those listed above, they all have one thing in common: an email address needed to land in your inbox. With a little bit of detective work, it’s very easy to spot a spam email by just looking at its email address.
Here’s an example. The email is not from StateFarm, but from someone in Chili with the .cl country name. Clearly it’s not from StateFarm.
Depending on your email app and settings, the sender’s email address may or may not be visible when you look at an email, but it can be viewed by moving your cursor over the sender’s avatar (the sender’s image or initials to the left of there name) or over the sender’s name. Similarly, on a phone just touch that point on the screen for the email address to become visible. (If that doesn’t work, hit reply to the email and look at the recipient’s email name in the reply email.)
Most of the time the email is a name made up from a bunch of numbers, letters, and an unusual domain name (the characters after the period) that bear no relation to a business, which means it’s a scam. Here are some examples from my recent emails:
uqakqyy@pfgbjqzg.cancelled.immediateattentiontypes.jp.net
oppo18193@godaddysupport.io
axel.sepulvedax420@jaliscoedu.mx
john.doe1234@secure-payments.biz
ritttfg1357644@gmail.com
ian.hernandez@educaquilpue.cl
Sometimes scammers try to impersonate legitimate companies but use slightly altered addresses. For example, instead of support@paypal.com, they might send from support@pay-pal-security.com. Always hover over the sender’s name to reveal the full email address and verify that it matches the official domain of the company.
For example, this was one of dozens of spam emails that appeared in my inbox summary yesterday, and one that was not detected by gmail as spam;
……………………………………………………………………………………
………………………………………………………………………………………
When I opened the email it was an ad for Cloud storage. (Clicking on an email to view it from the summary view is safe to do.)
The email was an attempt to sell me something that would either never be delivered or have me install software that might infect my computer or steal my personal information.
……………………………………………………………………………………
……………………………………………………………………………………
When I moved my curser over the face of the sender, this is what appeared:
…………………………………………………………………………………..
The sender’s website “www.sma.belajar.id” bears no relation to a company that sells storage or a legitimate business. Clearly it’s a fraud.
But sometimes spammers are even more devious and use an email address that at first glance looks authentic. Examples are real names with extra numbers or letters (customerservice@amazon01.com), misspellings (support@appple.com), or unusual characters (info@bank$security.com), etc.
Here’s another clue. Always assume that an email from a corportation, financial institution, or government agency that uses a free email service (such as Gmail, Yahoo, Outlook, etc.) is fraudulent. Examples include GeekSquad100@gmail.com, applesupport12@gmail.com, IRSgov@aol.com, paypalservices@gmail.com, and support_amazon@outlook.com. Legitimate companies will contact us using their own company name domain, not a free email service.
If you’re unsure about an email and want to investigate further, paste the part after the @ in its address into Google, preceeded by www. If you get an error, or it goes somewhere other than the company, it’s not legitimate.
Spammers often use fear to pressure us into taking immediate action. They may claim your account has been compromised or that legal action is pending unless you click a link or provide personal details. They want to make it seem so urgent that you won’t pause to think about the email’s validity. Legitimate organizations rarely send such urgent emails without prior notice. If in doubt, call the company using a phone number from a recent mailing.
But, be careful if you use Google to search for the phone number of a company or institution. Unscrupulous websites often pop up with fake phone numbers, hoping you will call them so they can sell you support services.
Often spam emails contain grammatical mistakes or spelling errors. That’s also a big red flag.
Spam emails sometimes contain attachments disguised as invoices, receipts, or security updates. Clicking on these attachments can install malware or ransomware on your device.
Legitimate companies will never ask for sensitive details like passwords, Social Security numbers, or credit card information via email. If you receive such a request, assume it’s a scam. And ignore any email reporting on the condition of your computer, such as low memory, detected viruses, etc. They have no way of knowing the condition of your computer unless you intentionally enable share software.
If something feels off, it probably is. Scammers rely on urgency and confusion to trick us. When in doubt, take a long pause and carefully examine the email address before responding.
