Spotting a Spoof: The ultimate guide to catching spoof emails

Most businesses today recognize the dangers of phishing scams: from stealing passwords to spreading malware, threats to your business security are everywhere, and no matter how thorough your business is in setting up multiple lines of defense, email will be your Achilles Heel.

NW Technology has  the tools to help guide you in making smarter business decisions with your IT, which is why we created the ultimate guide to catching a phishing email, a list of all the warning signs that the email you just got might not be as legit as it looks.


Verify the email address

Check the Domain

The most obvious signal of a fake email is an address not associated with a domain you would typically link with an organization. If it’s supposedly from Microsoft, make sure the email is an email.


Check for small variances

Less obvious is the slightly altered, but still believable address. For example, changing laurensires@nwtechnology to laurensires@northwesttechnology. Our company is commonly referred to as Northwest Technology, and since the names match, most wouldn’t bat an eye opening this email, which is why it’s so dangerous.


Check for misspellings

This could be a spelling error on a name, like Krystal versus Crystal, or in the domain, @nwtehcnology rather than @nwtechnology. Don’t be fooled, these are intentional and meant to be obscure to avoid detection.


What time was it sent?

It’s not uncommon for large organizations with automated email groups to send emails in the middle of the night. But if Jim from your office who doesn’t typically work off the clock sends you an email at 2:00 in the morning, that might give you reason to raise an eyebrow.


Weird grammar choices?

People have a specific tone when speaking, which is often reflected even over email. One person might use a lot of exclamation marks while another might be more formal. Personal style is something a scammer can’t imitate, so if something reads a little bit off, try using the verification methods mentioned in this article before complying with any requests.


Abnormal capitalization or punctuation?

If a scam is coming from another country where your language is not the primary language, there is a good chance they won’t nail all of the grammar cues such as: capitalizing names in sentences but not typically in an email address. But this could also help identify to a person’s writing style, if coworker or client who typically emails you in short succinct sentences suddenly has proper greetings and capitalization that could be a red flag.


Not sure? Never hurts to ask

If you get an email coming from someone you typically do business with that seems a little off, don’t reply to that email, instead send them a new one to confirm. Most people will appreciate the extra step you took because it will ultimately help keep their email secure.


If the email you received is supposedly from a company whose service you use, check their website for a support number. If action does need to be taken on your account, customer service should know about it and can help you through the process. DO NOT click on any links in the email. If it’s asking you to log into your account through the supplied link, instead go directly to that business’ website and log in yourself. Notifications about your account will likely also be listed there.


Finally, don’t hesitate to call your IT service provider. Any technician would rather spend a couple minutes validating a suspicious email then hours trying to get rid your network of a damaging virus that was spread through your email.