It’s an inevitable fact of life that spam exists and that it can sometimes become a major annoyance and sometimes really embarrassing too. There are so many email schemes going on right now and I wanted to write an article covering some of the ways to identify if the email is genuine or not.
Many spam emails have something in common; they want you to carry out an action, whether that be to click on a link, to open an attachment, to view an image, to call a number or perhaps to send a payment via Bitcoin.
If you’re in any doubt as to where the email has come from DO NOT display any embedded images, open any attachments, click on any embedded links, ring any numbers or send any online payments.
If you receive spam from what seems to be a genuine company such as Vodafone or perhaps Plus.net or BT.com, the first thing to consider is do you have an account with them already? If the answer is “yes” then we can move on to the next step. If the answer is “no” then its likely that you can ignore the message and delete it if its not useful to you.
Look at the FROM address and see if it looks familiar or that the bit after the @ sign is genuine. So for example, you might get an email from firstname.lastname@example.org. If your Vodafone email comes from anyone other than a Vodafone address, then its likely going to be some kind of spam. I say likely as some legitimate companies will use a third party to deliver their marketing email. If in doubt, delete it.
If the FROM address looks correct then look at the copy of the email and see if there are any links present. If there are, don’t click on them, but if you hover your mouse cursor over the link, in many email programs it will show you the real address that you’ll be visiting and if this looks dodgy, don’t click on it! On a mobile device its a little different as you cannot hover your mouse, but I’ve founds that if you press and hold on a link on an Android or iOS device, it will give you options such as how you wish to open the link. Its at this stage that you can look at the link before really “clicking” on it to determine if it looks legitimate or not. If it looks dodgy, close the window and delete the email.
Are there any obvious grammatical or spelling errors? If there are then this should be ringing alarm bells. Any legitimate company should be spell and grammar checking their emails before they are sent out to 100,000s of people.
Heres a good example. I recently received an email allegedly from Gov.uk regarding an unsuccessful tax submission. The email below itself looks quite professional, but the FROM address (marked with a red box) is not an address I’d expect this email to come from so my spidey sense is tingling. On closer inspection, when I hover (not click) on the blue text link, the address (marked in a green box at the bottom) is certainly not an address I’d expect a valid gov.uk email to use.
The more astute among you will also notice some other interesting things in the image, namely that theres a bar running along the top (marked with a yellow box) mentioning “Paris”. This is displayed as I have a plugin which aims to tell me whereabouts an email has come from based on some invisible data within the email. Whilst this is not 100% accurate all the time, it does help with flagging emails that may not be genuine. This plugin is called “MailHops” for Mozilla Thunderbird, a really good email program from the same people who make the Firefox browser.
So adding all the evidence up, its incredibly likely that even if I would expect to get an email from gov.uk regarding the submission of taxes, this specific email is not genuine and it can been sent to the bin.