Five signs of an email scam

By Eleanor O'Neill, CA Today

7 February 2019

Data breaches put personal information at risk and open both individuals and companies up to impersonation and infiltration. But could you spot a malicious scammer in your inbox?

Information leaks have made numerous headlines in recent years. For example, in January, many reported on Collection #1 – a bank of sensitive information made public online and putting millions of email addresses and passwords up for grabs.

Sites like Have I been pwned? allow users to check if their email addresses have been compromised. However, even if your information appears to be safe, the same might not be true for everyone on your contact list.

Hackers can use the information in these data breaches to make attempts against personal accounts, impersonate people or companies and send their own scam emails.

Here are five quick ways to determine if that unread message is actually what it claims to be.

1. You recognise the name, but not the address

You may find an email in your inbox that appears to be from a friend or colleague but seems out of character, has an odd subject line or, at worst, contains nothing but a hyperlink.

Someone may have accessed your friend’s contact list and is now using their name to trick others into handing over sensitive data. Try hovering your cursor over the sender’s name to check that the email address itself is correct.

2. The subject demands action

Scammers benefit from people not thinking things through and will often use phrases like ‘click now’, ‘you have to see this’ or ‘limited time offer’ to prompt immediate action.

A common variation of this is ‘phishing’ emails that tell you one of your online accounts has been compromised and you must confirm your login details as soon as possible. Any link will then take you to a fake website that steals the information you enter.

Always check that any links in emails are familiar, have an expected domain (e.g. ‘.com’ or ‘’) and seem legitimate before clicking.

3. Mistakes in spelling and grammar

An occasional typo isn’t necessarily a cause for concern but obvious misspellings or an unexpected style of writing can indicate that an email didn’t originate from where it claims.

Sophisticated scammers are getting better at sounding professional but obvious mistakes can be your first sign that something is wrong. You might even pick up on a writer trying too hard to seem ‘official’.

4. Logos and branding look different

In cases where a hacker is impersonating a company, the logos, watermarks, branding and even email signature have probably been copied from somewhere else.

Noticeably low-resolution (blurry or pixelated) images, strange fonts and formatting, and unprofessional syntax are all red flags.

5. It just doesn’t feel right

If in doubt, always err on the side of caution. The important thing is to never click on a link or download an attachment from an email that has aroused your suspicions.

You can always check separately with the supposed sender if the communication was legitimate. For example, if an email that claims to be from ICAS concerns you, contact us to confirm we sent it.

Previous Page