It's not always easy to spot a scam or fake email. Despite the best efforts of many spam filters and various security systems, these fraudulent emails occasionally make it through.
Sometimes a client will contact us about a "suspicious" email they've received, to ask us if the email is genuine or not. Our reply is always the same: It's good to be suspicious, so good on you for checking with us.
We use what we call the "red flag system" to help us know what to do. If any email received appears to have one or more "Red Flags" - then do NOT click any link (do not click unsubscribe either) and do NOT reply to it or take any action without seeking further clarification first. Ask for help if you need to.
How to spot a fake or scam email
It's not always obvious, but there are usually some fairly clear signs within a fake or scam email. You can make a reasonable guess whether an email is fake or a scam by following these steps and applying a "Red Flag" if you feel any of these apply:
1) Check the sender name and email address. Does it look genuine, or is it from a strange looking domain name / sender address? If it looks odd or unexpected - that's a Red Flag.
2) Consider the subject and content of the email: Does it seem odd, unexpected, sound suspicious, salacious, threatening or "too good to be true"? If so, that's a Red Flag.
3) Check the grammar, spelling, punctuation layout and wording. Does it look unprofessional, badly designed, poorly written with several errors? If so, that's a Red Flag.
4) On a computer (doesn't work on a phone) hover over any link or button in the email - but don't click it. A preview of the link usually shows in the footer of the browser window. What does the link address show? Does it look strange, odd or unrealistic, containing a unknown domain name? If so, that's a Red Flag.
5) Is there a phone number on the email? Most 'business' type emails will often contain a phone number, however, not all do, so not having a phone number is a more of an Orange Flag.
Remember:
Orange Flag = proceed with caution.
Red Flag = don't take any action: don't reply or click a link, don't unsubscribe or submit any information without additional checks.
If you're not sure, call the sender at their published phone number, and ask about the email. Get verification before taking action.
Basically - do nothing unless you are sure of the veracity of any email. However, if like most humans, you sometimes act before thinking, and you have clicked a link and you find yourself on a website that's asking for any information, exercise extreme caution and check that the domain name (web address) appears legitimate (these can't be easily faked), branding is as expected and layout & content is professional looking.
Get further clarification with the publishers before you give away any important information.
Feel free to ask your friends, colleagues and advisors for help if you need it.