While being one of the most useful business tools ever invented, email can also be a hindrance. Because of its generally open nature, where anyone can get an email address, criminals have taken their operations online, in the form of email frauds or scams. Here are some tips to help you determine if an email is legitimate or not.

Look at the email address
One of the easiest ways to spot a fraudulent email or scam is by looking at the sender’s email address. Most credit card application scams use third party email services like Gmail or Yahoo. Some scammers go so far as to set up accounts in the name of the company e.g., AMEX_121@gmail.com, but how likely is it that American Express would use gmail to send you an application?

More sophisticated scammers will try to copy a legitimate email from the company’s email account – a practice called spoofing. There will usually be a few changes, like a missing letter from the address, or an extra . added.

The easiest thing you can do to verify an offer is refer to the sender’s site on the Internet. For example: You get an email from AMEX OPEN (American Express’s small business credit card) and notice that the sender’s email address just doesn’t look right. Go to Google and search for amex fraud. You should find the AMEX fraud page, which tells you exactly how the company sends emails.

Look at the sender’s website
If you think an email is fraudulent, try looking up the website associated with the sender. Should you be unable to find the site, it’s likely a scam.

If you do find a website, click through some pages to see if there is anything that looks out of place. For example, a website selling a new financial service that has pages emblazoned with “Coming Soon” should raise suspicions. Likewise if you get errors when trying to load a page. If it looks fishy, it likely is – delete the email.

It can also be a good idea to use archive.org’s Wayback Machine to do a little research. Copy and paste the suspicious website’s URL into the The Wayback Machine Search bar and hit “Take me back.” This will bring up previous versions of the website. If you see that the site in question was something completely different a few months to a year ago (for instance, it is a financial services page now, but six months ago it was a page selling prescription drugs), chances are high it’s a fraud.

Call them
Many scammers will put phone numbers into emails to make them look more legitimate. If you are unsure about whether this email is legitimate or not, why not try calling the number? Many scammers have more than one fraud operating at the same time and may answer the phone with another name, or not at all.

Similarly, if you call what is supposed to be a local number for a business and get routed directly to voicemail, it’s likely fraud.

Look carefully at the body of the message
The body of the email can often hold clues that the sender isn’t on the level. Because many fraudulent emails originate outside of the major English speaking countries, the written language might just sound different from the way people write and speak in your area. A great example of this would be a line like ‘We wish to sell you a great product.’

Look for spelling errors and grammar mistakes or inconsistencies. While some fraudulent emails will have minor spelling inconsistencies, others will spell common words wrong. If you see mistakes like ‘our product are a great deals’, this should raise a warning flag.

Spelling and grammar errors are a part of business communication, so don’t expect a perfect email every time from all companies, especially if you see that the company is located overseas. It’s the emails with mistakes supposedly coming from companies in your area that should really raise alarm.

The sender asks for money or passwords
It’s kind of an unwritten rule that when sending out emails you never ask for a person’s credit card number or account passwords. Banks, large companies, and social networks will never ask you for passwords or account information, credit card numbers, pin codes, or similar information over email.

If you think an email is a scam, it’s best to just delete it immediately. Don’t respond or forward it to colleagues or employees. If you need to let people know, write another email that describes the suspected email but has no links. You can also forward a screenshot to your colleagues or friends to illustrate the scam. This way they can see what you’re talking about but any links will not be active.

Looking for more ways you can protect your company? Contact us today. We can work with you to develop a security system that will meet your needs.