Three warning signs that email is malicious

You can't always count on your spam filter to keep you safe. For those times, it pays to keep your scam sleuthing skills sharp.

Email spam filtering is far better than it used to be. There was a time when nearly every scam email would land in your inbox. Thankfully that's not the case anymore--especially if you're a Gmail user.

But no system is perfect. Every now and then a scam message will manage to slip into your inbox. But how do you know when you're looking at a scam or not?

Here are three basic tip-offs you can look for to figure out whether you're looking at an email with dishonest intentions. They're hardly an exhaustive list, but more often than not one of these tips will save you from getting suckered.

1. Dear customer

One thing spammers are counting on is that you, the target, don't realize there's this ancient technology in Microsoft Word and other apps called mail merge. This feature creates a template that automatically uses a customer list to fill in names, the last four digits of a credit card or bank account number, and other personal information.

That means when I receive an email from my bank, I expect it to say "Dear Ian" or "Dear Ian Paul," but certainly not "Dear Customer" or "Dear ," or, worse, no salutation whatsoever.

If you see an email addressed to "Dear customer" that asks you to follow a link to fill in your account details, chances are it's a phishing scam.

That's not to say that you should automatically trust any email specifically addressed to you. But you can be sure that if you get an email from a company you do business with like a major bank, retailer, or technology company, they will address you by name in any email.

2. That link is crazy

If you're unsure about an email, hover your mouse over any links you see in the body of the message (whatever you do, don't click them!). Next, look at the lower left corner of your browser or email client. You should see the exact address of the link you're hovering over.

This is where things start to get critical. Read that link very, very carefully and it should become obvious if it's a scam. Here's an example that landed in my inbox just the other day. (In the interests of public safety, I've removed parts of the link.)

If you're not paying close attention, you'd see at the front of that link and just figure this was an email from Apple. Unfortunately, you'd be wrong. Keep going past "" and you'll see the site the link actually leads to is "".

With URLs this long and complicated, how do you tell what's authentic and what's not? Here's a good rule of thumb: keep reading a URL until you hit the first forward slash "/" (not counting the two in "http://").

Once you hit that slash, back up until you're at the first period before it (in our example it's ".es"). Everything you see in front of that period is the full address of the webpage you're headed for.

Thus our example doesn't lead to, but a subdomain of
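The same right-to-left reading can be done in code. The sketch below is an added example, not part of the original article: the sample links are constructed, the function names are hypothetical, and the short suffix list is an assumption standing in for the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Tiny illustrative set of two-label public suffixes (assumption). A real
# checker should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "com.es"}


def real_host(url):
    """Return the hostname a browser would connect to for this link."""
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host after a scheme
    host = urlsplit(url).hostname or ""  # drops scheme, port, path, query
    return host.rstrip(".")


def registrable_domain(host):
    """Return the rightmost labels that identify who owns the host."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url, expected_domain):
    """Compare where a link really goes with the domain the email claims."""
    expected = expected_domain.lower()
    host = real_host(url)
    domain = registrable_domain(host)
    genuine = domain == expected
    # The brand appears in the hostname, but someone else owns the domain.
    return {"host": host, "domain": domain, "genuine": genuine,
            "lookalike": not genuine and expected in host}


# Constructed sample links (not the URL from the article).
SAMPLES = [
    ("http://apple.com.account-check.lookalike.example/signin/index.html", "apple.com"),
    ("https://support.apple.com/", "apple.com"),
    ("shop.example.co.uk/basket", "example.co.uk"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        print(url, "->", check_link(url, expected))
```
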

By the way, you should always trust your own reason ahead of link scanners and other security software to ensure your safety. In my tests, several security suites that scanned the full version of our example URL returned a clean bill of health for the site, even though to human eyes this is clearly not an Apple website.

3. It has an attachment

If a malicious actor can't sucker you with a phony link they will try to trick you into downloading a file packed with malware.

Here's a classic example I came across recently. A message supposedly from landed in my inbox with an invoice attachment asking for final payment on an overdue item.

This message was playing on the sudden emotional horror at thinking you may have an unpaid item with a service you use. Without thinking twice, you may soon be downloading an attachment just to make sure the company didn't make a mistake.

That's when you need to stop and breathe. Another solid rule of thumb is to NEVER download an attachment you're not expecting, no matter who it's from.

Complicating this issue, however, is that there are a few people who you may expect to send you unsolicited (or semi-unsolicited) attachments, such as your child's teacher or a co-worker with an animated GIF obsession.

In those cases, it will be up to you to decide whether or not it's risky to open up those attachments. If nothing else, make sure the message from your child's teacher is well written and makes logical sense (Christmas party plans in January? I don't think so). And if you do decide to download the attachment, save it to your hard drive and scan it with an antivirus tool before you open it.

Email is far less risky to use than it used to be. Nevertheless, it's still an extremely popular attack method for the bad guys. So it pays to keep your email sleuthing skills sharp for those times when the bad stuff gets through your email provider's defenses. And be sure to check out PCWorld's guide to dodging the web's most devious security traps to stay safe outside of your inbox, too.
