
How to identify malicious spam and phishing emails

Introduction

There are numerous advisories and guides to help people identify malicious emails. However, many of these documents are incomplete or incorrect. Some of the old guidelines to identify fake emails no longer apply. For example, in the past we were told to be suspicious of unknown senders, but to trust emails from people we know.

Terminology

  • Malicious Spam. Bulk emails that are malicious will try to get the recipients to click on a link for purposes of infecting their computer without specifically seeking personal information or account logins.
  • Phishing. When an email is an attempt at ‘fishing’ for specific details about you or your accounts, that is referred to as a phishing email.
  • Spear Phishing. Emails that are crafted specifically for the recipient are considered spear phishing. They may be from people you know or institutions you have a relationship with. They may include some specific details about you or your accounts that motivate you to trust the content of the message.

Suspicious Email Attributes

Here’s a list of considerations to be mindful of when checking your email.

  • Sender. While it’s generally true that you can trust emails from people you know, sometimes an email will arrive with a sender name that is familiar, but upon further inspection you’ll notice the sender email address is not what it should be. To check the sender email, you would usually click on the person’s name or utilize the method provided by your email system.
  • Links. With a suspicious email, there may be a link you are asked to click on. Most email systems allow you to hover your mouse pointer over the link to see the address. If the address is an unfamiliar website, don’t trust it.
  • Attachments. Be careful about any emails containing attachments that you weren’t expecting. These can be malicious programs.
  • Images. Emails that contain images may also be tracking your interactions with that email. Just opening an email could let the sender know you’ve opened it. With unusual emails, it may be best to use the preview on your smartphone or email system if it lets you see the first few lines of the email without opening it.
  • Greeting. Neither a generic email greeting nor a specific one with your name is an indicator of an email’s legitimacy. Some legitimate emails are generic. Some fake emails will greet you by name. So don’t let either establish your trust.
  • Grammar. When there are numerous typos and grammar problems in an email, that’s usually an indication something is wrong, but well-crafted emails with no typos can also be fake. So, don’t let perfect grammar establish your trust.
  • Requests. An email that asks you to click on a link (as described above) or log in to your account to correct a problem should be questioned. Don’t click on any links. If there’s a request, go to the institution’s trusted website instead. See below for types of suspicious requests.
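For readers who filter mail with scripts, the Sender and Links checks above can be automated. The following is an added example, not part of the original article; the address book `KNOWN_CONTACTS`, the `FAMILIAR_DOMAINS` set, and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (hypothetical): the reader's address book and the sites they use.
KNOWN_CONTACTS = {"pat example": "pat@example.org"}
FAMILIAR_DOMAINS = {"example.org"}

class LinkCollector(HTMLParser):
    # Collects (href, visible text) for each <a> tag: what hovering would reveal.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def check_message(raw):
    msg, findings = message_from_string(raw), []
    # Sender check: a familiar display name paired with an unexpected address.
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"sender: {name!r} normally writes from {expected}, not {addr}")
    # Links check: the real destination host, regardless of the text shown.
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        host = host_of(href)
        if host and not any(host == d or host.endswith("." + d) for d in FAMILIAR_DOMAINS):
            findings.append(f"link: {text!r} really goes to unfamiliar host {host}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = ("From: Pat Example <pat@mail-example.test>\nContent-Type: text/html\n\n"
          '<a href="http://login.example.org.billing.test/pay">example.org/pay</a> '
          '<a href="https://www.example.org/help">help</a>\n')
```

Running `check_message(SAMPLE)` reports the mismatched sender address and the first link, whose host only contains the familiar domain as a prefix; the second link passes.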

Suspicious Email Requests

  • Mailbox Full. A common fake email will claim that your mailbox is full. Don’t click on any links in the email. Instead, go directly to your trusted web portal and check your email storage limit and usage.
  • Shipment. A common fake email will claim to have delivery information in an attachment. Be very careful to check the validity and go directly to your shipper. Do not download any files, do not open any files, do not click any links from within a suspicious email.
  • Billing. A common fake email will claim to request payment of a bill using an attached invoice. Be very careful to check the validity and go directly to the vendor. Do not download any files, do not open any files, do not click any links from within a suspicious email.
  • IRS. A common fake email will claim to be from the IRS. Be suspicious of these. Only interact with official IRS websites.
  • Winnings. You may get an email notifying you that you’ve won some money. These are typically fake.
  • Extortion. Sometimes an email will attempt to extort money by threatening you. The sender may claim to know you and may even provide you with a password that you’ve used in the past. Be careful with such emails. Usually these messages will claim to have embarrassing video of you. Get advice from someone you trust. Generally these messages are created using your name, email, and a password that you’ve used which was obtained along with many others from a compromised online service.

Further Reading

Here are some additional resources to help with email security. These are listed alphabetically by source.

  • Federal Trade Commission – “How to Recognize and Avoid Phishing Scams”
  • National Cyber Security Alliance – “5 Ways to Spot a Phishing Email”
  • Validity – “10 Tips on How to Identify a Phishing or Spoofing Email”

By Greg Johnson

Greg Johnson is a freelance writer and tech consultant in Iowa City. He is also the founder and Director of the ResourcesForLife.com website. Learn more at AboutGregJohnson.com
