Washington State

Office of the Attorney General

Attorney General

Bob Ferguson

web wise sections
5 Common E-mail Scams

Though there are a thousand flavors of e-mail scams, the methods of detection are fairly straightforward. Here are five common types of scams and the clues you can use to spot them.

After reviewing these, you will have learned the skills you need to identify most e-mail scams on your own.

1) The Imitator

Many scams imitate legitimate companies in an effort to fool consumers. The simplest way to avoid these fakes is to never click on a link sent in an unsolicited e-mail. Find the company link on your own using a search engine, or, if you know the company address, type it in yourself.

In this example you receive a security advisory. No legitimate company is ever going to send you a Security Center Advisory in e-mail; That alone is enough to tell you it’s fake. But read on to spot more red flags.


Spot the Flaws:

  1. The sender is bogus. By hovering your mouse over the sender’s address (in this case they claim to be PayPal Security Center) you can see the real address in the lower left corner of the email. These scammers tried to make the address look like it belongs to PayPal, but the inclusion of intl. (short for international) before the PayPal is a dead giveaway. Why would an international division send you email? The second giveaway is the .inc (instead of .com).
  2. The sender would not know your name. "Dear valued member" is a dead giveaway that this is not a company you do business with.
  3. You won’t be notified of maintenance work. Sites manage maintenance seamlessly; at worst you will see a site is down when you try to go there. Sites do not randomly select who gets maintenance. You will never be asked to go through Identity verification in an e-mail.
  4. Hovering over “Click Here” shows the URL’s destination.  As with issue #1, they attempt to look legitimate with https://www.paypal.com.row/pref-NOTI.
  5. Threats. The scam goes from apologizing for any inconvenience to threatening the recipient in an effort to scare you into responding. Companies are not going to threaten you and certainly won’t send threats in an e-mail that randomly selected you for maintenance.
  6. More embedded links. The scammer’s experience tells them that if there are many links you will be more likely to click on one of them. Another favorite ploy is for there to be a link to ‘unsubscribe’ from the email. While legitimate companies do have unsubscribe features, if you get this message in a scam, clicking the link will likely deliver malware to your computer.

2) The Urgent Offer

Look at this offer for refinancing:

Urgent Offer

Spot the flaws:

  1. The offer is from a company you’ve never heard of.  This is really the only identifier needed to know that this is fake. Legitimate companies don’t randomly spam consumers offering loans. The second clue is their e-mail address – with two @’s it does not match typical e-mail address format.
  2. The name of recipient isn’t yours. If the name on the To: line isn’t yours, then you’re one of the thousands (maybe millions) of names hidden on the Bcc: line.
  3. The email is urging you to make a financial transaction under time pressure. If you feel you have to act quickly, you are more likely to react without thoroughly investigating.
  4. You are singled out for an ‘exclusive’ opportunity. Ask yourself: why would a company you don’t know single you out?
  5. You are asked to enter financial information. They want you to enter financial information so they can instantly show you your adjusted mortgage rate. In fact, entering personal financial information on sites you aren’t absolutely sure are safe is almost sure to result in someone stealing from you.
  6. Increased urgency, more time pressure is applied. Notice that they can only guarantee this great rate ‘for three more days’, but no actual dates are given.
  7. Big lures on the page. In this case the big red button is designed to compel you to click. Who doesn’t want to calculate their savings? See  #5.
  8. Hovering over “Click Here” shows the URL’s destination.  When the scam is pretending to be a legitimate source – such as the IRS – the URL may look very similar to the legitimate site, but it actually is not the same.

    When scammers create a fictitious company, creating a URL to match is easy, but if a scammer is pretending to be from a company you do business with and the URL given doesn’t match the company name you know, it’s fake. In this case the URL is http://besthome.de/index.htm.  The ‘de’ extension is for Germany – it is unlikely that an American company would have a German URL.
    Warning: Hover (Don’t click) or you will land on the malicious site.

  9. The phone number is listed to make you feel comfortable. Many people who are wary enough to not click on links, are fooled into calling the phone number listed. Scammers don’t care how they catch you: someone who sounds legitimate will be happy to scam you over the phone.
  10. Official looking ‘safety’ language.  As with #8 above, never click on links to read a privacy policy.
  11. False address and phone numbers. Enter the listed address into a search engine rather than clicking the link and you will find there is no bank there. The phone number doesn’t list the area code, and it is not a toll-free number.

3) The ‘Official Notice’

These scams attempt to fool consumers into believing they’ve received an e-mail that requires them to take some action. Often purporting to be from government agencies, these e-mails notify you of a problem. This example was sent in May, a time when people are more likely to believe an announcement is from the IRS.  Here you’re supposed to be relieved that the IRS is acknowledging they received your payment, and then be anxious that there is a problem, and click without thinking.

Official Notice

Spot the flaws:

  1. The IRS does not send official notices via e-mail. This is really the only information you need to know this is fake, but there are several others as well…
  2. The sender address is service.irs.gov. The real IRS address is www.irs.gov
  3. The IRS would identify the recipient. This e-mail calls you a member. There are no members of the IRS.
  4. The IRS doesn’t send Security Messages.
  5. Hovering over “Click Here” shows the URL’s destination.  This URL, http://www.vwu.at/Editor/assets, is definitely not an IRS site. Warning: Hover (don’t click) or you will land on the malicious site.

4) The Lottery

Foreign lottery scams are rampant. If you did not enter a lottery, you did not win a lottery. If you did enter the lottery, you still are very unlikely to win, and you would not be notified via e-mail. This is a straightforward scam to get your information.


Spot the flaws:

  1. The sender is a person. No organization is going to send a notice from a personal e-mail, and they will use their organization’s e-mail, not a free e-mail service.
  2. No one is listed as the recipient.  If your name isn’t on the To: line, it’s a scam. Also, no legitimate company will send you an e-mail with an incomprehensible subject line.
  3. The message is illiterate.
  4. The sender does not know your name.
  5. There is no such lottery. A simple Web search on the lottery name shows that it does not exist – and several results that say it is a scam. In addition, the idea that you are on an ‘exclusive list of 21,000 email addresses’ is absurd.
  6. If no tickets were sold, how does the lottery make money?
  7. Random jumbles of numbers designed to look impressive.
  8. You will never be asked to respond to an individual. If the organization is legitimate it will have its own e-mail address and you will be directed to customer support or another department, not a person.
  9. The information request. Collecting your information to sell to other criminals is the first goal. But if you respond with this information you will surely be asked for bank account and bank routing numbers as well so they can ‘deposit’ the money.

5) The Survey

These scams rely on people’s desire to weigh in on issues and be heard on the issues of the day. In an election year one flavor is the voting survey, but any hot topic will do: global warming, attitudes towards war, the handling of the latest natural disaster, and so on.


Spot the flaws:

  1. If your e-mail service provider flags the e-mail as questionable, it probably is.
  2. The sender sounds official, until you look at the e-mail address. No legitimate organization is going to spam people with surveys – or send any e-mail from an address like w0m7hft2q5jy@myappreciatedbargain.com.
  3. The sender does not know your name.
  4. The e-mail asks you to ‘click here’ to download images. Simply clicking may result in the download of spyware or other malicious software to your computer.

LOOKBOTHWAYS Inc. © 2008 not for commercial use