Spam Emails - What To Look For
Last updated: June 2019
Spam emails are now more common than ever, making it increasingly difficult to determine if emails are legitimate or not.
Spammers are great tricksters, they can pull off elaborate looking emails from companies you have services from, such as your bank, Apple or Samsung, PayPal and even Netflix.
However, having the knowledge to know a real email from a fake one is everything, especially in a day and age where your sensitive information can be quickly intercepted at any moment – especially if you were to click on a dangerous link.
What are the most common things to look for?
Spam is always going to be different, however, there are always a few common things to look for in spam emails, and makes it easier to determine whether it’s real or fake.
Have a call to action.
This means that the email requires your urgent action or immediate attention, such as logging into a portal or clicking on a link.
These are more common for fake bank or payment emails, such as a payment failing for your Netflix account or your bank account being in arrears requiring immediate action.
Inform you of a new purchase, despite not purchasing anything.
These are common from Apple or Samsung fake emails, as they may alert you that you’ve purchased a new product or app from their store. The rational person will immediately be concerned, especially if they didn’t actually purchase anything, and will try and resolve it by clicking links on the email. They are purposely made to con you into logging into fake portals to enquire about the transaction.
Will address you by ‘Dear Sir or Madam’ – this is an instant red flag.
Any legitimate company you deal with will always refer to you as your name if you’re a customer of theirs. This is because their email templates are set up to include your personal information, which the spammer won’t know, and is trying to steal that information from you.
Have a spoofed or fraudulent email address.
Commonwealth bank are not going to send you any emails from an obscure email address that doesn’t relate to them at all. What we mean by this, is that you can click on the sender’s name in any email software you use, and it will reveal the email address it came from. Something like ‘email@example.com’ is more likely to be a legitimate email address associated with CBA in comparison to ‘firstname.lastname@example.org’ for example.
Spoofing is a complicated process to understand, but basically, it means that somebody can send email on behalf of any email address if they do not have a solid SPF record in place. An SPF record basically authorises only a certain server to send behalf of the real email address, which would be the email provider of the real email address. Failure to have an SPF record in place, will result in spoofing.
Won’t have any unsubscribe button.
This is the most infuriating issue with spam, especially if it is spam you receive consistently.
If you are receiving spam from one sender that appears to be part of a mailing list, try and firstly determine if there is any possible way you signed up to this mailing list, and if not, we recommend getting in touch with your email provider who can set up a sender blacklist and prevent these email addresses from sending you email.
Now that I know what to look for, what do these emails usually look like?
Now that you understand what to look for in any email to determine its legitimacy, it still helps to have a real world example of what spam emails look like. I’ve attached an example of a spam email I received to my Hotmail address some time ago.
This one is a little bit more obvious considering the email address it came from is very fraudulent, and many are usually harder to tell, but they follow the same template that Apple use, and even have the same Apple Icon, links to the website for Apple correctly, however, the annotations make it easier to see why this is definitely spam.
It won’t also be easy to tell what is spam and what isn’t, and it can, unfortunately, have grave repercussions if you action a spam email. If you’re ever in doubt, it’s recommended to contact your email provider who can help determine the legitimacy of the email.
Keep all of these things in mind, and you won’t have any issues!