How to easily check if an email is legit or a scam, and protect yourself and your company
Use these practical guidelines to determine if something’s a great deal or too good to be true.
I spend a few minutes every morning blocking and unsubscribing from lists that send irrelevant messages. Because my email address is public, most of these messages are unsolicited; a few might even be dangerous. Fortunately, the more we take advantage of the internet, the better equipped we are to deal with messages that aren’t what they claim to be. The solution is always prevention. In this article, I’ll discuss a few guidelines that will help you discern whether an email message might have the potential to damage your system.
I’m using Microsoft 365 on a Windows 10 64-bit system, but this information will apply to any version.
First, use prevention
I shouldn’t have to say this, but just don’t click. Don’t. Don’t. Don’t do it! Even I’m tempted occasionally to click a link to check something out. Scam emails often look real; they’re personalized and can be quite convincing. A single click can quickly wreak havoc.
In addition, there are still many file formats that can run malicious code on your system if you open them. Once you do, the damage is done. So, never open an attachment until you know it’s legitimate. You probably know this already, but it bears repeating: Unless you’re expecting a file from someone, don’t open it. If you receive a file from someone you know, but you weren’t expecting it, check with the sender before you open the file.
Visit the site directly
If you receive an offer or query that requires clicking a link or opening a file, bypass it. It might look legit—an offer to save 10% on your next couch sounds like a great deal, right? If you’ve been shopping online for a couch, it might even be real, but ask yourself a few questions: Have you purchased from this store before? Have you visited the store’s web site and signed up for offers? If not, ignore it. That 10% isn’t worth it!
If you think the offer might be legit, visit the site directly. It’s much safer.
Check the link
Many of us shop online a lot. It’s common to receive a thank you offer so you’ll come back and make another purchase. I receive emails from various craft sites because I buy yarn online. I know some are legitimate because I’ve recently made a purchase. But what if you haven’t conducted business with the entity? You can always visit the store directly, but if the offer is for a first-time buyer, should you click the link to redeem it?
Before doing so, hover over the link so you can examine it. Are there extraneous letters in the domain name? Perhaps the domain name doesn’t even resemble the company’s name. These are clear signs that the message probably is a scam. If the link promises to enable special features or personalized content, don’t click!
Another place to check is the sender’s email address. The same thing holds true: The domain name needs to be clear and succinct.
You might receive a legitimate offer that’s sent through a third-party service, but the truth is, the company shouldn’t use one. Marketing is a vital part of the income chain, and the company should use sound practices to gain your trust.
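The link and sender checks described above can also be run mechanically over a saved message. The following Python is an added example, not part of the original article; the sample message, its domains, the `review()` helper and the 0.8 similarity threshold are all assumptions made for illustration.

```python
import difflib
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; the domains, review() and its 0.8 threshold are assumptions.
SAMPLE = """\
From: Yarn Barn Offers <deals@bulk-mailer.example>
Content-Type: text/html; charset="utf-8"

<p><a href="https://yarnbarnn.example/redeem?id=1">www.yarnbarn.example</a></p>
<p><a href="https://yarnbarn.example/unsubscribe">Unsubscribe</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lowercase hostname of a URL or bare domain, 'www.' dropped
    host = (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def review(raw, expected_domain, threshold=0.8):
    """Flag sender/link hosts off expected_domain, and link text naming another host."""
    msg = email.message_from_string(raw)
    hosts = [("sender", email.utils.parseaddr(msg["From"])[1].rpartition("@")[2].lower())]
    findings, parser = [], LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        hosts.append(("link", host_of(href)))
        if "." in text and " " not in text and host_of(text) != host_of(href):
            findings.append(("text-mismatch", host_of(href)))
    for kind, host in hosts:
        if host != expected_domain and not host.endswith("." + expected_domain):
            near = difflib.SequenceMatcher(None, host, expected_domain).ratio() >= threshold
            findings.append((kind + ("-lookalike" if near else "-unrelated"), host))
    return findings
```

String similarity is only a heuristic for “extraneous letters”; any host that is not the store’s own domain is a reason to visit the site directly instead of clicking.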
The sender needs a proofreader
A legitimate business will spend a lot of effort on its offers—retailers want to connect with you. You shouldn’t see grammatical errors or typos. If you do, most likely, it’s a scam. If the tone sounds foreign or just not quite right, it’s probably a scam.
To unsubscribe or not
If an offer is valid, you’ll probably find a link at the bottom that allows you to unsubscribe from its list if you’re not interested in receiving more offers. Some experts advise that you not do so, but I disagree, provided the email is coming from a valid source. Go ahead and unsubscribe if you receive too many emails from the same sender.
If, on the other hand, you think the email is a scam, delete it without unsubscribing, even if the link is offered. Clicking will only tell the con artist that your email is active, and they’ll sell it to other unscrupulous parties.
The only safe choice is to block
Sometimes the only thing you can do is block a sender. If you receive too many messages and you’re not sure you should unsubscribe, block the address. The sad reality is that most of these setups will change the sender’s email regularly, so after a while, you’ll start receiving the messages again. I have an astrologer who’s convinced I’m cursed and that she can help me. I block her every single time I receive an email from her, but I still get them.
It’s easier to be safe than sorry, as they say.
Don’t forget to check your spam folder
Now let’s turn the tables a bit because sometimes you don’t receive a message that you want—whether you’re expecting it or not. Spam filters are often a bit too aggressive, and real messages can end up in your spam or junk folder. I once found a signed contract from a new client there—the client was annoyed that I didn’t follow up right away. There’s no good advice for this problem because checking that folder is a bit like orbiting a black hole. But awareness may be what saves you. Don’t hesitate to take a quick look if you’re watching for something that doesn’t show up.