This article was co-authored by Scott Nelson, JD. Scott Nelson is a Police Sergeant with the Mountain View Police Department in California. He is also a practicing attorney for Goyette & Associates, Inc. where he represents public employees with a myriad of labor issues throughout the state. He has over 15 years of experience in law enforcement and specializes in digital forensics. Scott has received extensive training through the National Computer Forensics Institute and holds forensic certifications from Cellbrite, Blackbag, Axiom Forensics, and others. He earned a Master of Business Administration from the California State University Stanislaus and a Juris Doctorate from the Laurence Drivon School of Law.
There are 12 references cited in this article, which can be found at the bottom of the page.
Spam emails are messages randomly sent to multiple addresses by all sorts of groups, but mostly lazy advertisers and criminals who wish to lead you to phishing sites. The sites attempt to steal your personal, electronic, and financial information. Discerning what to look for in spam emails will help you avoid becoming a victim of spam.
Steps
-
Ensure you know and trust the sender before opening an email. Since you can see who the sender is from your inbox list without having to open the message, you can deduce if a message is spam by simply looking at the sender’s email address. That said, some spam and phishing scams will pretend to be major companies, so you can't assume that an email from "Amazon" is guaranteed to be non-spam.
- If the message was sent from a website that you don’t recognize or an email address from someone you don’t know, chances are the message is spam.
- In rare cases, spammers control other people's accounts, meaning you may get emails from your "friends" who have been hacked. Checking the sender is the first, not the only, step you should take.
- If the sender's address has a bunch of numbers or a domain you don't recognize (the part after the "@") then the email is likely spam.
-
Check the subject line for common spam topics. You likely already know most of these -- sales, investment opportunities, new treatments, requests for money, sex, information on packages you never ordered, etc. Usually, you are being offered something, often for nothing. If you didn't order it, don't assume you forgot. This is simply a scam tactic to make you click a bad link.
- If you want even more specifics, the US FTC has a list of the 12 most common spam email types on their website.[1]
-
Avoid any "calls to action" or requests for personal information. This is known as phishing, when a criminal pretends to be a reputable site, like PayPal, that has to "update user information," or needs you to sign in "immediately." In general, if the email asks for immediate action or personal information, it is phishing and should be ignored.[2]
- One of the most common subject lines, "Problem with your Account" is almost always phishing. If you had a problem, it will tell you when you log on to the account.
-
Hover over any links in the email to see if they match their supposed destination. For example, hover your mouse over the following link for www.google.com. Don't click -- instead, look to the bottom-left corner of your screen, where a different URL (one for Wikihow) shows up instead of Google. Spammers do this trick all the time to bring you to dangerous sites.
- Be especially wary if the address is a set of numbers -- most reputable companies will use words instead of numerals.[3]
-
Look for typos, especially of key phrases or words. Check for typos in the header, introduction, and body of the text. Most legitimate companies have editors that check for typos and grammatical mistakes, so typos are a red flag that something is spam.[4] One of the ways spam can get past a filter is by rearranging letters of words that spam filters look out for.
- For example, spam might spell the word "sexual" as "sxeual" to avoid being picked up.
- You might see this in URLs as well, like sending you to "Paypal" instead of PayPal, or www.ebay.random.words.and.numbers.10002122.com.[5]
- Spam normally contains extensive, large images that occupy most of the message body. The text is usually large to capture your attention.
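The link checks from the steps above (visible text that names a different site than the real destination, an address made only of numbers, and a brand name buried in a longer domain such as www.ebay.random.words.and.numbers.10002122.com) can be automated for an HTML message body. This is an added example, not part of the original article; the `BRANDS` watch list, the flag names and the sample body are assumptions constructed for illustration, and the checks are heuristics rather than a verdict.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed watch list: brand label -> the domain that brand really uses.
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com", "amazon": "amazon.com"}
URL_LIKE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # hostname of a URL or bare host, lower-cased, "www." dropped
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").removeprefix("www.")

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def check_links(html):
    """Return {href: [flags]} for each link in an HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    report = {}
    for href, text in parser.links:
        host = host_of(href)
        shown = host_of(text) if URL_LIKE.fullmatch(text) else ""
        checks = {
            "text-mismatch": bool(shown) and not under(host, shown),
            "numeric-host": host.replace(".", "").isdigit(),
            "brand-in-subdomain": any(b in host.split(".") and not under(host, d)
                                      for b, d in BRANDS.items()),
        }
        report[href] = [name for name, hit in checks.items() if hit]
    return report

# Constructed sample message body (not taken from a real email).
SAMPLE = ('<a href="http://www.wikihow.com/">www.google.com</a>'
          '<a href="http://192.0.2.15/login">Update your account</a>'
          '<a href="http://www.ebay.random.words.and.numbers.10002122.com/">Track package</a>')
```

Calling `check_links(SAMPLE)` returns one list of flags per link; an empty list means none of these three heuristics fired, not that the link is safe.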
-
Never open or download attachments unless you know what they are. If you don't know the sender, can't trust a link, or otherwise feel like an email may be spam, do not open any attachments. This is the quickest way to a virus, bar none. If you must open the attachments, right click on them first, then select "scan for viruses" or "scan" before opening.
- Gmail automatically checks attachments for viruses, but it isn't perfect.[6]
-
Type in any links directly instead of clicking on the links. The most common way your information is compromised is by clicking a link in the spam email. However, if you're unsure if the email is legitimate or spam, you still have options. For example, if you get a packaging email you weren't expecting from Amazon, log on to Amazon and type in the order number to check it -- don't click on the "track package" link in the email.[7]
-
Use 3rd-party security sites to test emails and links you're still worried about. If you're still on the fence, there are some sites that let you check links before you've clicked on them. You can try getlinkinfo.com to see if there are a lot of "redirects," which likely means there is spam coming from the site. You can also use the program SiteCheck, which takes any URL and checks if there are malware or viruses on the page.[8]
-
See if the message was diverted to the spam folder. Most email services have an anti-spam feature that filters suspicious messages and diverts them to a specific folder in your email account labeled “Spam.” If the mail server detects a message to be spam, it separates it from your other messages into the Spam folder, away from your inbox. This is the first and most obvious sign of a spam email.
-
Never provide personal information, including a username or password, in reply to an email or email link. If Amazon emails you asking to log on and check something, go to Amazon on your own and log on. Phishing is a scam where someone creates a fake site that looks exactly like a real one, then collects emails and passwords from people that they test on other sites (like your bank). If asked for personal information, always refuse.[9]
- Expert tip (Brandon Phipps, Technology Specialist): Be careful when clicking on links or sharing your personal information online to avoid security breaches. Cybercriminals send emails with malicious links to deceive users. Verify the sender's identity and take precautions before clicking on any links or sharing personal information to prevent unauthorized account access.
- About the expert: Brandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.
-
Immediately run anti-virus software if you're worried you opened up spam email. If you're worried, get some free antivirus software to ensure that your computer is safe. Sophos is great for Macs, and AVG is good for PCs, and both have free options. SpyBot Pro is also a good way to get rid of malware, and is also free.
- Check your computer again 1-2 weeks later to ensure you have no problems.
-
Change any identical passwords if you think you've fallen for spam or phishing. If you gave your password out for Facebook, and your Twitter account uses the same password, change them both. It is better to be safe than sorry, so run through every possible site that could share a password with the one you gave out.[10]
- If you're worried about bank information, call your bank and set up an alert. Or monitor your accounts for the next 2-3 weeks, immediately canceling them if weird charges come up.
-
Forward the email to your IT or tech department if it is at all involved with your work or work email. If you've found a phishing scheme or dangerous spam, let your IT department know. They can search for or neutralize the threat, as well as warn the rest of the company to be on the lookout for specific scams.[11]
-
Delete the email once you've informed IT or neutralized the threat. It can also help to "archive" it, an option with almost all email services. This tucks it away but doesn't delete it, which can help IT or other services fix your computer if the email turns out to contain malware. Even then, when in doubt you should just delete the email -- better safe than sorry.[12]
- Delete any and all attachments that you may have downloaded with the email.
-
Keep your email address as private as possible. Not giving your email out to sources you don't trust is one of the best ways to avoid spam.[13] While some spam is unfortunately inevitable these days, you can minimize most of it by just keeping your email address private.[14]
- If you want to sign up for special deals or offers, consider using a junk email address so you don't get spam sent to your personal account.[15]
-
Keep your usernames different from your email addresses. For example, say that your Tumblr handle is WikiHow15. If your email address is wikihow15@gmail.com, you've basically given the whole world your address. Most spammers actually "test" thousands of guessed emails until they find those that work -- so having differentiated emails and usernames can help keep them at bay.[16]
-
Never check the "Yes, I want to receive more information..." box when signing up for sites or deals. This signs your address up for regular, robotically sent emails, notifications, and spam. Unless you really love the site or band, avoid this box at all costs.
- Check to see if this box is pre-checked for you -- many sites make you opt-out of spam instead of in.
-
Create multiple accounts, or change your email regularly. One of the best ways to avoid spam is to concentrate it in one account. For example, you might set up an account just to buy things online, and another for personal business. You use the first email whenever you're purchasing or giving out bank information, then keep your personal emails in a more private account. You can give away one account at will, because you only really need it for specific functions.[17]
Tips
-
Do not click on any button or link that you may see in spam messages. This may either lead you to malicious websites or download malware to your computer that can infect it.
-
If any of the flags above are met, do not open the email. Just quickly move it to your trash bin.
-
Deleted messages inside the Spam folder of your email will not go to the trash bin. They will be permanently removed from your account.
Warnings
- Criminals are constantly refining and updating their spam. If something feels wrong, even if it is not on this list, play it safe and ignore the email.
References
1. https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf
2. http://www.cnet.com/how-to/how-to-recognize-phishing-e-mails/
3. http://securitywatch.pcmag.com/spam/317892-how-to-recognize-and-avoid-phishing-emails-and-links
4. Scott Nelson, JD. Police Sergeant, Mountain View Police Department. Expert Interview. 2 April 2020.
5. http://securitywatch.pcmag.com/spam/317892-how-to-recognize-and-avoid-phishing-emails-and-links
6. https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf
7. http://securitywatch.pcmag.com/spam/317892-how-to-recognize-and-avoid-phishing-emails-and-links
8. http://securitywatch.pcmag.com/spam/317892-how-to-recognize-and-avoid-phishing-emails-and-links
9. http://www.cnet.com/how-to/how-to-recognize-phishing-e-mails/
10. https://staysafeonline.org/
11. http://securitywatch.pcmag.com/spam/317892-how-to-recognize-and-avoid-phishing-emails-and-links
12. https://staysafeonline.org/
13. Luigi Oppido. Computer & Tech Specialist. Expert Interview. 19 February 2020.
14. http://support.eset.com/kb144/?viewlocale=en_US
15. Luigi Oppido. Computer & Tech Specialist. Expert Interview. 19 February 2020.
16. http://support.eset.com/kb144/?viewlocale=en_US
17. https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf