Skip to content

Five simple clues that an email is dangerous

Four simple clues that an email should be deleted. Among the bogus coronavirus emails was something new to us and apparently the anti-spam filters that should have detected it. We’ll use the dangerous email as an example of what to look for in a scam or virus-infected email.

The email is supposed to be an ‘IKEA Quick Survey’ with the chance to win a gift card.

It’s obvious to us that it’s a fraud, how did we know?

Company doesn’t ‘know’ me

The supposed sending company doesn’t have my email details.  Ikea doesn’t have my email address. It could be a ‘cold email’ from a purchased email list but that’s less likely.

This alone is a quick clue.  For example, emails from banks you’ve never had an account with.

Wrong sender domain

A dead giveaway, look at the domain name in the senders address.

 

Any legitimate email would come from the company’s main domain name.

The domain name showing could be owned by the criminals or ‘borrowed’ from a legitimate business.

Summary line

The email summary line makes little sense.

It’s Swedish for “Make sure your home always looks beautiful.” The real Ikea would not put that in an English language email.

The foreign text might be a mistake by the scammer or a trick to fool anti-spam filters.

Wrong links

All the clickable links use a domain with no connection to the real company.

Always hover over the link in an email to make sure it matches the real company.

Some legitimate emails do have links via third-party services but they should not.  Any properly run email marketing has links using the common domain name of the company (that’s what Office-Watch.com itself does).

The bottom of the email has some wording to make it look more legitimate but it’s more trickery.

The report and unsubscribe links don’t do anything except tell the scammer that you’re foolish enough to click a link.

Don’t click on the links

Sure, it’s tempting to click on a link in a scam email, just to see what happens. DON’T DO IT.

That includes any ‘Unsubscribe’ link at the top of the email and put there by your email program.

The links in these scam emails are usually personalized to the email address sent to.  Even if the web site is harmless, the scammer knows you’re a likely target and will send more and cleverer emails to that address.

.DOC .XLS .PPT attachments – Beware

Not in this nasty email but a common trick is sending bad Office documents using the older formats; .DOC .XLS .PPT and similar three letter extensions. If any email or message attachment arrives with these older document formats, treat with great suspicion. In most cases, delete the message.  If it might be from a real sender, ask them to resend in a safe, modern format.

Why Old Office documents should be banned

Any legitimate sender should be sending modern .DOCX .XLSX or .PPTX Office documents which can’t include macros.

Other clues

There are other, more technical, clues, but the five above should be enough to identify any messages that get through to you.

Automatically marking Office Watch etc as ‘not spam’ at your mail host

A risk of spam filters – you might miss a real prize!

Outlook spam filter being allowed to die

 

About this author

Office-Watch.com

Office Watch is the independent source of Microsoft Office news, tips and help since 1996. Don't miss our famous free newsletter.