7 Tips for Recognizing Scam Emails Before You Open Them

[Do you get our weekly free newsletter with the latest scams and tips to stay safe? Sign up now and be smarter and safer using the Internet! ]

Any threat we may get into our email inbox is really no threat at all if we can recognize it and delete it before we open it.  We might make the decision to delete everything that comes from an email address we don’t recognize, but for most of us that’s not practical. And when we open a scam email, for example, our risks increase for a variety of threats and negative circumstances. However, there are several simple things we can do to more easily identify and delete scams and spam before we open them.

1. Sender’s email address or domain (name after the @ symbol) is an odd string of characters

Spammers and scammers often use software to generate thousands of emails at a time.  These programs sometimes dump in random strings of characters when they create the fake sender’s address. Check out this string of email addresses that hit an email server in just a few minutes:1-sender email is odd string of characters

Or how about this solicitation about taxes that comes from UrgentTax@tyttacekory.com.   The domain “tyttacekory.com” is so odd that it should make anyone suspicious.

1-sender domain is odd string of characters

2.    Sender’s email address has a name before it that doesn’t match the name in the email address

Email programs are often able to send/receive email that displays the owner’s full name in front of the owner’s email address. Here are two legitimate examples:

“Joe Schmo <joe.schmo@yahoo.com>”
“Jane Smith <jsmith@mycompany.com>”

Spammers/Scammers often mismatch names.  We can’t explain why but here are two examples:

2-PayPal phish mismatched namesNotice that the sender’s email address says “PayPal Manager” but the email address that follows doesn’t point back to PayPal.com.

In this second example, the name in front of the email address is a complete mismatch to the actual email name. Most people would never create such a mismatch. Just delete!

2-Photos As Promised-mismatched names

3. Sender’s email address contains a 2-letter country code

We have an excellent short video that explains 2-letter country codes in detail and the importance of recognizing them. If you see an email address that ends in a period followed by 2 letters, these 2 letters refer to a country where the email originated. Some are easy to figure out such as br (Brazil), hu (Hungary) or in (India) while others are not so straight forward… es (Spain = España), de (Germany = Deutschland) or hr (Croatia) For a detailed list of country codes, visit this Wikipedia article.

Our point? If you get an email from a country that you have no connection to, and no interest to be connected to, you can identify it before opening it and make a decision to delete it. Here are three examples. See if you can identify the countries the emails reportedly came from:

3-Business proposal w 2letter cc 3-Stock_Tip w 2letter cc
3-You won w 2letter cc

ca = Canada
tr = Turkey
it = Italy


4. There is no visible “From” email address

If the sender’s email address is completely missing in the “From” section then it was hidden on purpose. Just delete.

5. The email seems to have been sent from you to you!

This may sound a bit strange at first but it is actually a very common trick. The first social engineering effort spammers and scammers make is to get you to open an email. If you see an email that looks like it came from you to you, most people are curious enough to ask “what is this?” …and they open it. If you know you didn’t send it to yourself, just delete it!

6. Sender’s email address contains a variation of your name

Another common trick used by spammers and scammers is to create a “From” address that actually uses variations of your own name. Again, the idea is to raise your curiosity enough to get you to open the email. Check out these examples of my username…
6-sender is variation of recipient

7.  Sender’s email doesn’t match the expected source of the email

The final tip we can offer is actually a little common sense when you think about it. If you receive an email that says it is an invitation to connect via LinkedIn, then it should be from LinkedIn, not PeoriaBank.com.
7-sender email doesnt match source 1
If you receive an email that says it is an opinion piece from CNN.com then it shouldn’t come from the domain adp.com
7-sender email doesnt match source 3
Finally, as long as you don’t click a link or attachment, don’t be afraid to open an email if you feel that you need to. But keep a healthy does of skepticism as you read the contents!