Email scams are getting sneakier and more complex every day, making them one of the biggest concerns for your customers and their Account Admin’s alike. Not to mention, the global pandemic, characterised by its social restrictions, has meant that businesses across the world have had to make a rapid digital transition into online working. In parallel with this shift, we have witnessed a sharp escalation of cybercrime and, inboxes have never been more vulnerable.
To help, we’ve drafted some simple tips to share with your customers, to make it easier for them to spot an email scam. If they know what to look out for—these 6 effective ways to spot email scams will give them the knowledge they need to avoid being the next victim!
1) Look for Grammatical and Spelling Errors
This is one of those no-brainer tips, but also one of the most common red flags we see. If you come across an email with bad grammar and spelling, then there’s a very good chance that it isn’t legit. Legitimate businesses are usually keen to establish a professional tone and relationships with their customers. Many scam operations are run from countries where English is not their native tongue, and hence it’s very common to see poor grammar used in scams. Here's an example of poor grammar used in the subject line of a recent email scam intercepted by MailGuard.
2) Check the email sender name and URL
Some of the most common forms of email scams are phishing and ransomware emails, so its good practice to check the email sender. Keep an eye out for emails that look like they originate from websites you frequent, but if you have doubts check sender name and the sending email address. Is it the official email address of the company that it purports to be from?
Sometimes the sender’s name may be forged, but if you right click on the sender email name it will reveal the actual sender address which is one of the easiest ways to determine if it’s a scam. For example, if it comes from a gmail account, or the letters are a meaningless jumble, there’s a good chance that it’s not legit.
Make sure to look carefully too, because scammers can be very clever. Often, they will register new email addresses and domains that are close approximations of the real thing. That might mean substituting a character, like creating te1stra.com to spoof telco giant, Telstra, or more subtle variations of official accounts like an email from nationalbanksupport.com to scam NAB customers.
3) Scan the page URL too
Take a few seconds to look closely at the hosting domain URL. If it looks suspicious or takes you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from, you may be dealing with a phishing scam. The most effective email scams often mimic popular brands like PayPal or Netflix. Be on guard!
The best thing to do if you have doubts, is to call the company, or log into their services directly and by-pass the link in the email. For example, for a banking notification, login in to you banking portal or app to check the issue.
4) Does the email address you by name
If you’re receiving a scam email, chances are it’s not addressing you by your first and last name. Be wary of any emails that use ‘’Dear Sir” or “Dear Madam”, or “Hey There”, as they may not be the real deal.
5) Is the email trying to create a sense of urgency?
If the email is telling you that time is running out, there’s a fair chance that scammers are trying to pressure you into making a quick decision. This can scare you into responding before you’ve had time to fully consider things, or it might even lead you to ignore your gut instincts and take action on a whim. If an email is trying to convey a sense of urgency, it might be best for you not to respond at all, or at least to check its legitimacy with another person or source before doing so.
6) Use Your Common Sense
For example, were you expecting to hear from the company that the email is from?
It might seem obvious, but it’s important to remember that if something feels too good (or too bad) to be true, it probably is. If you can spot email scams before they happen, you might be able to prevent a little (or a lot) of distress for you and your organisation. Plus, saving yourself from embarrassment is always a good thing!
Cybercriminals rely on email as their number one attack vector. 350 billion emails each day is too much of an incentive, especially when so many individuals and companies alike, remain cavalier about the risks. It’s the simplest, most effective way to trick you into doing something that could put your organisation at risk.
MailGuard advises all recipients of any suspicious looking emails to delete them immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have severe negative consequences for your business and its’ financial well-being.
Keeping businesses protected
Prevention is always better than a cure, and the best defence is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workplace, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.