Security Tip: Check Email Addresses in Suspect Messages
A Quick Way to Identify a Message as Suspect
One way to help identify a message as a suspected scam is to check the email addresses it uses.
Businesses Use Email Addresses That Reflect Their Name
Legitimate companies will almost always use custom email addresses that reflect their business name or brand. They will not use free email addresses provided by Gmail, Yahoo or other ad-supported email service providers.
For example, online payment service PayPal, often the target of scammers, corresponds with customers using email addresses that have “paypal.com” after the @ symbol (“service@paypal.com”). If you receive an email that appears to be from PayPal but has a sender email address like “paypal@gmail.com”, you should immediately flag it as fraudulent.
Scam emails often ask you to make contact via a specified email address. Again, these email addresses can raise red flags.
For example, in a scam email falsely claiming to be from Warren Buffett that I previously wrote about, “Mr Buffet” used a free Yahoo email address. And the “bank” mentioned in the scam email asked you to make contact via a Gmail address.
Emails connected to Warren Buffett’s charitable activities would use official email addresses belonging to the relevant foundation or charity. They would never use free Yahoo email addresses. A legitimate bank would always use a custom email address, such as “service@[bank-name].com”.
Scammer Email Address Tricks
Scammers often attempt to make their bogus email addresses appear legitimate by incorporating the targeted company’s name into the address, as seen with the “paypal@gmail.com” address mentioned above. Sometimes, they may even use a custom domain such as “admin@paypalsupport.com” to increase the likelihood that recipients will believe the email is genuine.
Caveat – Email Spoofing
All that said, keep in mind that some scams use email spoofing to make it appear that an email really did originate with the targeted company. In other words, the address that you see in the “Sender” field may appear genuine when, underneath, the message came from an entirely different address.
Thus, checking email addresses should only be one of the methods you use to ascertain an email’s legitimacy. You should also watch out for other potential indicators, such as poor spelling and grammar, suspicious web addresses, demands that you click a link or open an attachment and provide sensitive information, an urgent or threatening tone, unlikely claims, and more.
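The address checks described above can be automated for a mail filter or a reported-phishing triage queue. The following is an added example, not code from the original article: it flags a brand name used on a free webmail or non-official domain, and a Reply-To or Return-Path that differs from the visible sender. The free-webmail list, function names, and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed free-webmail list; the article names only Gmail and Yahoo.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message, brand, official_domain):
    """Return red flags for a message that claims to come from `brand`."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, dom = addr.lower().rpartition("@")
    flags = []
    official = dom == official_domain or dom.endswith("." + official_domain)
    claims_brand = any(brand in part for part in (display.lower(), local, dom))
    if claims_brand and not official:
        flags.append("brand name on free webmail address" if dom in FREE_MAIL
                     else "brand name on non-official domain")
    # Spoofing caveat: the visible From can look right while replies or
    # bounces go elsewhere. Bulk mail services also cause Return-Path
    # mismatches, so treat this as a prompt to look closer, not as proof.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != dom and not other.endswith("." + dom):
            flags.append(f"{header} domain {other} differs from From")
    return flags

# Constructed sample messages using the addresses quoted in the article;
# example.net is a placeholder domain.
SAMPLES = {
    "genuine": "From: PayPal <service@paypal.com>\nSubject: Receipt\n\nhi",
    "freemail": "From: PayPal <paypal@gmail.com>\nSubject: Alert\n\nhi",
    "lookalike": "From: admin@paypalsupport.com\nSubject: Alert\n\nhi",
    "spoofed": ("From: PayPal <service@paypal.com>\n"
                "Reply-To: helpdesk@example.net\nSubject: Alert\n\nhi"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw, "paypal", "paypal.com"))
```

A forged sender address with no mismatched Reply-To or Return-Path passes this check, which is why the other indicators listed above still matter; verifying the sending server is the job of SPF, DKIM and DMARC at the receiving mail system.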