Email scams are getting sneakier and more complex every day, making them one of the biggest concerns for businesses. On top of that, the global pandemic, characterised by its social restrictions, has meant that businesses across the world have had to make a rapid digital transition into online working. In parallel with this shift, we have witnessed a sharp escalation of cybercrime, and inboxes have never been more vulnerable.
To help, we’ve drafted some simple tips to make it easier for you to spot an email scam. These 6 effective ways to spot email scams will show you what to look out for and give you the knowledge you need to avoid being the next victim!
1) Look for Grammatical and Spelling Errors
This is one of those no-brainer tips, but also one of the most common red flags we see. If you come across an email with bad grammar and spelling, then there’s a very good chance that it isn’t legit. Legitimate businesses are usually keen to establish a professional tone and relationships with their customers. Many scam operations are run from countries where English is not the native tongue, and hence it’s very common to see poor grammar used in scams. Here's an example of poor grammar used in the subject line of a recent email scam intercepted by MailGuard.
2) Check the email sender name and URL
Some of the most common forms of email scams are phishing and ransomware emails, so it’s good practice to check the email sender. Keep an eye out for emails that look like they originate from websites you frequent, but if you have doubts, check the sender name and the sending email address. Is it the official email address of the company that it purports to be from?
Sometimes the sender’s name may be forged, but if you right click on the sender email name, it will reveal the actual sender address, which is one of the easiest ways to determine if it’s a scam. For example, if it comes from a Gmail account, or the letters are a meaningless jumble, there’s a good chance that it’s not legit.
Make sure to look carefully too, because scammers can be very clever. Often, they will register new email addresses and domains that are close approximations of the real thing. That might mean substituting a character, like creating te1stra.com to spoof telco giant, Telstra, or more subtle variations of official accounts like an email from nationalbanksupport.com to scam NAB customers.
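The sender checks described in this tip can also be automated. The Python below is an added example, not MailGuard's code or part of the original article; the OFFICIAL allow-list, the FREEMAIL list, the FOLD substitution table and all function names are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains it really sends from.
OFFICIAL = {"telstra": {"telstra.com"}, "nationalbank": {"nab.com.au"}}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Digits commonly swapped in for look-alike letters, folded back to the letter.
FOLD = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def is_official(domain, domains):
    """True for an official domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in domains)


def check_sender(from_header):
    """Return a list of reasons the From header deserves a closer look."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ["no parsable sender address"]
    name = display.lower().replace(" ", "")
    folded = domain.translate(FOLD)  # te1stra.com -> telstra.com
    reasons = []
    for brand, domains in OFFICIAL.items():
        if is_official(domain, domains):
            return []  # genuinely official sender, nothing to flag
        if domain in FREEMAIL and brand in name:
            reasons.append(f"display name uses '{brand}' but sender is webmail")
        elif is_official(folded, domains) or min(edit_distance(domain, d) for d in domains) <= 1:
            reasons.append(f"look-alike of an official '{brand}' domain")
        elif brand in folded:
            reasons.append(f"'{brand}' embedded in unofficial domain {domain}")
    return reasons
```

An empty list means no red flag was found by these three checks only; it does not mean the message is safe.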
3) Scan the page URL too
Take a few seconds to look closely at the hosting domain URL. If it looks suspicious or takes you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from, you may be dealing with a phishing scam. The most effective email scams often mimic popular brands like PayPal or Netflix. Be on guard!
The best thing to do if you have doubts is to call the company, or log into their services directly and bypass the link in the email. For example, for a banking notification, log in to your banking portal or app to check the issue.
4) Does the email address you by name?
If you’re receiving a scam email, chances are it’s not addressing you by your first and last name. Be wary of any emails that use “Dear Sir” or “Dear Madam”, or “Hey There”, as they may not be the real deal.
5) Is the email trying to create a sense of urgency?
If the email is telling you that time is running out, there’s a fair chance that scammers are trying to pressure you into making a quick decision. This can scare you into responding before you’ve had time to fully consider things, or it might even lead you to ignore your gut instincts and take action on a whim. If an email is trying to convey a sense of urgency, it might be best for you not to respond at all, or at least to check its legitimacy with another person or source before doing so.
6) Use Your Common Sense
For example, were you expecting to hear from the company that the email is from?
It might seem obvious, but it’s important to remember that if something feels too good (or too bad) to be true, it probably is. If you can spot email scams before they happen, you might be able to prevent a little (or a lot) of distress for you and your organisation. Plus, saving yourself from embarrassment is always a good thing!
Cybercriminals rely on email as their number one attack vector. 350 billion emails each day is too much of an incentive, especially when so many individuals and companies alike remain cavalier about the risks. It’s the simplest, most effective way to trick you into doing something that could put your organisation at risk.
MailGuard advises all recipients of any suspicious looking emails to delete them immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have severe negative consequences for your business and its financial well-being.
Keeping your business protected
Prevention is always better than a cure, and the best defence is for your business to proactively boost its cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for your business to fortify.
No one vendor can stop all threats, so don’t leave your business exposed. If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, using a specialist cloud email security solution like MailGuard to complement Microsoft 365.
For more information about how MailGuard can help defend your inboxes, reach out to our team at expert@mailguard.com.au