Ten tips for identifying spam emails

We often fail to notice the absence of something that was once ubiquitous, like the gradual disappearance of cold symptoms, or a lack of reality singing shows in the TV schedules.

The same could be said for spam email, which was once ever-present in our inboxes but is an increasingly rare presence today.

While the number of spam emails sent daily is estimated at over 120 billion, the overwhelming majority of these fail to reach our inboxes.

Most are blocked by vigilant ISPs and email servers, which use hugely complex algorithms to determine whether an incoming message is fraudulent, or part of an unsolicited mass mailing.

If it is, it’ll be deleted without ever reaching your inbox. The sender is unlikely to know it didn’t arrive, and you certainly won’t know it was sent.

Beware geeks bearing gifts

It’s almost tempting to acknowledge the achievement of messages which do get through to your work or personal account.

In reality, these messages tend to be harmful in some way – promoting unsavoury content, bearing malware attachments, or attempting to trick people into surrendering personal data.

And while mail servers weed out the vast majority of junk mail, it’s still incumbent on all of us to be proactive in identifying spam emails.

You can’t rely on your ISP (or antivirus software) to ensure every single message reaching every single mailbox is entirely legitimate.

Even the most efficient algorithm can be fooled, depending on the volume of emails being sent out at a time, or whether text bypasses the Bayesian filters used to identify junk messages.

Below, we list ten tips for identifying spam emails, using the example of a fraudulent message claiming to be from one of the most impersonated organisations in the UK – HMRC.

1. Consider if you’re expecting a message. If your personal tax return isn’t due for six months, are you likely to be receiving a message from HMRC about a tax refund?
2. Examine the presentation. Spammers work quickly, and their work is usually shoddy. Missing graphics, poor formatting and blurry text all betray an email that’s been rushed.
3. Study the language. Spelling mistakes and poor punctuation are hallmarks of foreign spammers, whose grip on English betrays the fact they’re not a legitimate UK-based firm.
4. Beware of links and attachments. These are often used by spammers to embed malware for future fraud, so never open attachments or click links unless you’re sure they’re legit.
5. Hover your PC or Mac’s mouse over the Sender name. An email might display as being from ‘HMRC’, yet the sender’s email account is actually hmrc2021@zykon.net.ru.
6. Beware of foreign emails. The above illustration used a Russian top level domain. Other countries synonymous with spam include China (.cn), Nigeria (.ng) and Germany (.de).
7. Be suspicious of emails sent at odd times. Some legitimate marketing emails may be sent overnight, but most UK businesses will distribute emails during the working week.
8. Don’t fall for urgency. Spammers try to distract from the shortcomings in their emails with a sense of urgency. Stop and think – why are you being asked to act immediately?
9. Be wary of generic content. Would a company you regularly deal with send an email that starts “Dear Customer”? Is your account number included in the message body text?
10. Don’t trust emails with limited content. An email that simply says “There is a problem with your HMRC account. Click here to resolve it” is far too basic to be authentic.