Avoiding Suspicious Emails

Emails can appear very innocent and helpful, but your inbox is a valuable tool for scammers to compromise your computer. Here are five ways to identify a suspicious email and stay safe. Of course, if you find an email like this and you're not sure about it, feel free to reach out to the IT team.


1. The message is sent from a public email domain

No legitimate organisation will send emails from an address that ends in ‘@gmail.com’.

Not even Google.

Except for some small operations, most organisations will have their own email domain and company accounts. For example, legitimate emails from Google will read ‘@google.com’.

If the domain name (the bit after the @ symbol) matches the apparent sender of the email, the message is probably legitimate.

By contrast, if the email comes from an address that isn’t affiliated with the apparent sender, it’s almost certainly a scam.

The most obvious way to spot a bogus email is if the sender uses a public email domain, such as ‘@gmail.com’.

2. The domain name is misspelt

There’s another clue hidden in domain names that provides a strong indication of phishing scams. Unfortunately, it complicates the previous step.

The problem is that anyone can buy a domain name from a registrar. And although every domain name must be unique, there are plenty of ways to create addresses that are indistinguishable from the one that’s being spoofed. For example, if an email says something about your Netflix account but is sent from "Netfix" or "Metflix", you could easily be fooled if you're just taking a quick glance. It's important to check these addresses closely.
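The checks from signs 1 and 2 can also be automated. The sketch below is an added example, not part of the original article: it compares the domain in a From header against a constructed list of public mail providers and a constructed list of trusted domains, and flags near-misses such as "netfix.com". The function names and both lists are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed lists for illustration; maintain your own in practice.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
TRUSTED_DOMAINS = {"netflix.com", "google.com", "paypal.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Return 'trusted', 'public-domain', 'lookalike' or 'unknown'."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Sign 1: the display name claims a known organisation, but the
    # address behind it is a free public mailbox.
    if domain in PUBLIC_DOMAINS:
        claims_brand = any(
            t.split(".")[0] in display_name.lower() for t in TRUSTED_DOMAINS
        )
        return "public-domain" if claims_brand else "unknown"
    # Sign 2: the domain is one or two characters away from a trusted one.
    for trusted in TRUSTED_DOMAINS:
        if 0 < edit_distance(domain, trusted) <= 2:
            return "lookalike"
    return "unknown"
```

A "trusted" result only means the visible domain matches the list; the other signs in this article still apply to the message itself.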

3. The email is poorly written

You can often tell if an email is a scam if it contains poor spelling and grammar. Any legitimate email can have mistakes, of course, but there are some questions you can ask yourself to determine whether it is legitimate or the result of poor planning on the part of a scammer:

  • Is it a common sign of a typo (like hitting an adjacent key)?
  • Is it a mistake a native speaker shouldn’t make (grammatical incoherence, words used in the wrong context)?
  • Is this email a template which should have been crafted and copy-edited?
  • Is it consistent with previous messages I’ve received from this person?

4. The email includes suspicious attachments or links

No matter how phishing emails are delivered, they all contain a payload. This will either be an infected attachment you’re asked to download or a link to a bogus website.

The purpose of these payloads is to capture sensitive information, such as login credentials, credit card details, phone numbers and account numbers.

Many scam emails will specifically have an attachment or link that they'll want you to click on. Do not do it! Clicking on attachments or links is the easiest way to let a scammer into your computer. If you don't personally know the sender or if the email generally looks suspect, don't click on anything they sent in the email, as it could compromise your computer's safety.

5. The message creates a sense of urgency

Scammers know that most of us procrastinate. We receive an email giving us important news, and we decide we’ll deal with it later.

But the longer you think about something, the more likely you will notice things that don’t seem right.

Maybe you realise that the organisation doesn’t contact you by that email address, or you speak to a colleague and learn that they didn’t send you a document.

Even if you don’t get that ‘a-ha’ moment, returning to the message with a fresh set of eyes might help reveal its true nature.

That’s why so many scams request that you act now, or else it will be too late. This has been evident in every example we’ve used so far.

PayPal, Windows and Netflix provide regularly used services, and any problems with those statements could cause immediate inconveniences.

The manufactured sense of urgency is equally effective in workplace scams.

Criminals know that we’re likely to drop everything if our boss emails us with a vital request, especially when other senior colleagues are supposedly waiting on us.



If you see any of these five signs, take a step back, reread the email and think about it for a moment. If you're seeing red flags, don't click on anything or do anything the email tells you to do. Just ignore it and move on. If it's supposedly from a coworker or a business you deal with, feel free to reach out to them at the address you know them by (not by replying to the email you received) to make sure it was really them sending you the email. Last but not least, if you're suspicious of an email and not entirely sure, let the IT team know, and we can investigate further.

