We are all getting these scam Email that wants you to inherit 15 million dollars or inform that your bank Account has been hacked. It’s not hard to tell that this is junk, but when the messages look more professional, it suddenly becomes harder to spot fake emails. Unfortunately, still, a lot of people fall for these tricks.

Due to data breaches, billions of account information get public every year. This data contains account information like name, email, maybe age, and credit card details. It doesn’t take much for hackers to join these details and create a genuine-looking email that asks for your sensitive information. Now I know you’re smart and don’t fall for that. But some of your friends or family members might. If one breach leaks millions of accounts, there’s got to be someone that falls for it.

Here are the most essential hints to spot fake emails:

1. Who is the sender? Look at the email address, and the domain (the stuff after the @ symbol). Does it look suspicious? If the domain doesn’t correspond to the sender, it is most likely a scam, e.g., [email protected] or [email protected]. However, don’t solely rely on that as it is quite easy to change the apparent sender information.
2. Who was the message sent to? If the email was sent to „undisclosed recipients,“ not to your address, or if no recipient at all appears, your alarm bells should ring.
3. Where do the links point to? Don’t directly click on links in emails. Hover with your mouse to see the destination or try to copy it. Does the link point to the site that is pretending to send the current message? If the link points to any other site, don’t click it, especially if it is a shortened link (bit.ly, goo.gl, t.co, TinyURL, ow.ly) or cloud storage (Google Drive, Dropbox, etc.). With link shorteners, you don’t know where you will be redirected to.
4. Are there spelling mistakes? Luckily, scammers make a lot of spelling and grammatical errors. If the language in the message has poor quality, it’s most likely a scam. However, there are still bad people who master your language.
5. Are there any attachments? Never save or open attachments from untrusted senders. Dangerous files can be disguised as .pdf, .docx, or .jpg and take over your computer. Be extremely vigilant with .zip or .exe files.
6. Does the message urge you to some action? Subjects like „URGENT: …“, „Click here,“ or „Your payment of $2000.00“ try to hasten a reaction from your side. Also, a message like „2 incoming messages have been blocked by your mailbox, click here to get the messages.“ makes us curious. Take a second look before you do something. Often you don’t have an account with the pretending bank or don’t use that service.
7. Do they ask for information? Be careful if the sender asks for some sort of information like names, account information, or passwords. Never share any sensitive information. Even if it is really your bank: Log in to your account not by clicking the link, but by entering the address in your browser yourself.
8. Have you turned on automatic replies? Many configure an automatic response when they are out of the office or on vacation. These automatic replies are also sent to scammers, which in turn know
   • that they have reached a real address,
   • your full name and workplace,
   • your schedule and vacation information (means your house is empty during that time).

I highly recommend to turn off these notifications.

Go through this checklist when you get a suspicious email. Even if the message is from a friend, it is worth to quick check that everything looks ok. Also, don’t forget that the information of many billion more accounts will be leaked in the future. It is just a matter of time. Share your information wisely; many services ask for more data than necessary. Don’t share your real birthday, phone number, or address with any site.

A smart way to avoid having your data in the next leak is to get rid of old, unused accounts. Change your profile data to random information and then delete it. You can always create a new account when you need it again.

If we manage to spread awareness these kinds of messages will soon no longer fool anyone.