How to Spot Scam Emails

Email on a computer

With fraudulent emails so commonplace these days it’s safe to say that most of us have received one at some point. While the intent of these messages remains unchanged, over the years they have become more sophisticated. There are, however, still signs that can give away scam emails.

The example below makes reference to a subscription that was never ordered while claiming the recipient’s PayPal account is about to be debited. A few elements of the message are noteworthy as they create a sense of legitimacy.

For starters, the recipient’s email address is in fact linked to a PayPal account. But with PayPal being a major player in e-commerce, odds were that this shot in the dark would be read by someone with a PayPal account. Also, please note that the amount in question is rather small and inconspicuous.

Example of a scam email

A closer look at the email, however, reveals a number of red flags –aside from the fact that nothing had been purchased on Kijiji or through PayPal.

The sender and the sender’s email address don’t match. An official PayPal email would not be sent from a stockton.gov.uk address.

The salutation is left blank.

It’s not uncommon for scam emails to contain spelling mistakes or poor grammar. While the featured example isn’t the worst offender, certain words are capitalized inconsistently. Also, in one instance “PayPal” is not stylized with the second capitalized P.

A major red flag in scam emails is the sense of urgency they convey – especially when coupled with a call to action. Scammers want their victims to act quickly without investigating the matter further. This sense of urgency typically comes in the form of threats such as account cancellations or legal action. By comparison, the featured email is rather tame. Yet here, too, you are told that it’s not too late to cancel the order (“during the 7 day period you’ll receive a full refund”) and that your account hasn’t been debited yet. The goal, of course, is to prompt the recipient to click on the link to cancel the order.

The two major dangers of clicking unverified links are that you could be taken to a phishing site or inadvertently download malware or a virus. Phishing sites look like legitimate business sites and may even be replicas of sites you are familiar with but they’re designed to trick you into providing personal information. Malware, on the other hand, infects your computer with ransomware or a keylogger that captures anything you type into your computer like passwords or credit card numbers.

It is always important to run the most recent version of your anti-virus software, and operating system, as well as have a firewall running to protect your computer from malware or viruses.

When you receive an email you suspect is fraudulent, delete it. When in doubt, contact the sender directly but never use links or numbers found in the email.