Shelby

Shelby Meyer

DIGITAL DISPATCH

Article #0051
Written March 12, 2025
Updated June 9, 2026
Category [SECURITY]

How to Spot SCAM Emails and Harmful Messages

We show you how to identify and avoid these threats


AI generated image
AI generated image

Keywords:
attachments, suspicious, sender, phishing, scammers

Key Takeaway:
Email is an essential tool for communication, but it also presents opportunities for cyber-criminals to exploit unsuspecting users.

Category Insights:
SECURITY — Security best practices include strong passwords, MFA, and regular patching.

Protect yourself!

Email is a vital tool for communication, but it also presents opportunities for cyber-criminals to exploit unsuspecting users. Phishing scams, malware in your attachments, and fraudulent requests for personal information can have serious consequences. Here are some ways you can protect yourself from scam emails and other harmful messages. Let's begin.

Note:
You're not paranoid if they really are out to get you!

Recognize Common Signs of Scam Emails

Scam emails often exhibit certain red flags. Get into the habit of looking for any of these tell-tale signs:

  • Unfamiliar Senders: If you don’t recognize the sender or business, you MUST proceed with caution. Who is the sender, and do they really have any reason to contact you?

  • Urgent Language: Scammers try to create a sense of urgency to make you act quickly. Pressure can be a very effective tactic.

  • Suspicious Links and Attachments: Hover over links to see where they lead before clicking. This is super important and very revealing. Avoid opening any unexpected attachments. Most email programs will now block executable files; however, some malware is now being injected into PDF files.

  • What country is the email from?: A lot of scam emails come from foreign countries. Several of these are particularly troublesome top-level domains. China(.cn), Russia (.ru), India (.in), Pakistan(.pk) etc. If you don't have business in other countries, it’s probably safe to block them. Some spam software will offer this as a feature. This method of blocking entire countries is often called geo-fencing.

  • Poor Grammar and Spelling: Many scam emails contain noticeable errors. Many scam emails will come from foreign countries, and the originator is relying on translation software and tends to be riddled with errors.

  • Requests for Personal Information: Legitimate companies do not ask for sensitive data via regular email. It's simply too easy to spoof, or intercept.

  • Fake Emails: Scammers will send an invoice for something you didn't purchase. Maybe a tracking number for a package you never ordered. It could be a message pretending to be from your bank asking you to click a link to login and verify your information. There is no limit to the tricks they will try to get at your confidential information.

Remember: Scammers are always trying to come up with new and unique tactics to separate you from your personal information or your money.

Use Strong Email Security Measures

AI generated image
AI generated image

Take proactive steps to secure your inbox:

  • Use a Spam Filter: Most email providers automatically filter out the most obvious suspicious emails. Many times, you can adjust your settings to tighten the control for a better result. Report as much spam as you can. However, reporting spam can be time consuming. There is NO perfect spam filter. One person’s junk mail might be another person’s critical information. You ultimately need to teach the filter what you want to keep and what you want to blacklist.

  • Regularly Update Your Passwords: Use long, complex passwords and avoid using the same password across multiple accounts. See the links at the bottom of the page for blog posts regarding passwords.

  • Check the Email Domain: Scammers often use addresses that look similar to legitimate domains but contain slight misspellings. Common tactics is to use a number 1 in place of the small letter L. Or swapping letter O and number 0.

  • Watch the domain extension: When dealing with government entities and educational institutions, you have a very powerful indicator. The .govextension is for official government email, .edu is an accredited school and .mil is military. These are ONLY assigned to legitimate sites. If the website says something like whitehouse.com, or whitehousegov.com, would NOT be legitimate. This is a subtle tactic to fool people into opening the email.

  • Enable Two-Factor Authentication (2FA) on websites: This adds an extra layer of protection. Yes. It's a pain, but it adds another layer of security and makes it tougher for a scammer to bypass if they do happen to get your password. Not all sites offer 2FA, but most banking institutions offer it at this time.

Reference:


#0015 Security New US Government Password Recommendations

Avoid Clicking Suspicious Links

Before clicking any link:

  • Hover Over the Link: Verify the URL before clicking. This is one of the BEST things you can check. Get in the habit of doing it and you'll be doing yourself a big favor.

  • Manually Enter Website Addresses: If an email asks you to log in, go directly to the official website instead of clicking the provided link. The link that’s displayed in the email may say one thing and clicking it may go elsewhere.

  • Use Link-Checking Tools: Websites like VirusTotal can help verify if a link is safe.

Be Wary of Unsolicited Attachments

Attachments can contain malware or ransomware. To stay safe:

  • Do Not Open Unexpected Attachments: Even if the sender appears legitimate, confirm with them before opening.

  • Fake invoices, receipts and Docusign: A common tactic is for a scammer to send totally FAKE documents as attachments they usually be a PDF file. Here is your receipt for: (something you did not purchase). Click this DocuSign attachment to sign: (something you did not request).

  • Scan Attachments with Antivirus Software: Many email providers automatically scan attachments, but you can add an extra layer of security by checking it again.

Verify the Sender’s Identity

If you receive an email requesting sensitive information or urging action:

  • Contact the Sender Through Official Channels: Call or visit the official website to verify the request.

  • Look for Spoofed Email Addresses: Scammers may use fake email addresses that look like real ones. This is one of the easiest tactics a scammer can use. They simply send from one address but configure the mail program to display a different address. They may even use your email address. This is why you will sometimes receive an email addressed to you, but it also says it came from you.

Report Scam Emails

If you receive a suspicious email:

  • Mark it as Spam: This helps improve whatever spam filtering software you may be using. Everyone who uses that particular spam filter can benefit.

  • Report Spam to Your Email Provider: Services like Gmail and Outlook have options to report phishing attempts. They develop a massive list of scam email addresses that can be used to filter out the junk.

  • Notify Relevant Authorities: Some countries have cybersecurity agencies where you can report phishing scams.

Final Thoughts

AI generated image
AI generated image

Staying vigilant against scam emails is crucial in today’s digital world. By recognizing the red flags, securing your email account, and being cautious with links and attachments, you can significantly reduce the risk of falling victim to email scams. Always trust your instincts—when in doubt, don’t engage with suspicious emails. If you’re ever in doubt, call your local computer shop. They tend to be much better at spotting scams than the average layperson. Use the following link for additional security ideas.

Reference:


#0098 Security Layered Network Protection for Home or Small Business