Three warning signs that email is malicious

Email spam filtering is far better than it used to be. There was a time when nearly every scam email would land in your inbox. Thankfully that's not the case anymore—especially if you're a Gmail user.

But no system is perfect. Every now and then a scam message will manage to slip into your inbox. But how do you know when you're looking at a scam or not?

Here are three basic tip-offs you can look for to figure out whether you're looking at an email with dishonest intentions. They're hardly an exhaustive list, but more often than not one of these tips will save you from getting suckered.

1. Dear customer

One thing spammers are counting on is that you, the target, don't realize there's this ancient technology in Microsoft Word and other apps called mail merge. This feature creates a template that automatically uses a customer list to fill in names, the last four digits of a credit card or bank account number, and other personal information.

That means when I receive an email from my bank, I expect it to say "Dear Ian" or "Dear Ian Paul," but certainly not "Dear Customer" or "Dear ," or, worse, no salutation whatsoever.

If you see an email addressed to "Dear customer" that asks you to follow a link to fill in your account details, chances are it's a phishing scam.

That's not to say that you should automatically trust any email specifically addressed to you. But you can be sure that if you get an email from a company you do business with like a major bank, retailer, or technology company, they will address you by name in any email. 

2. That link is crazy

If you're unsure about an email, hover your mouse over any links you see in the body of the message (just whatever you do don't click it!). Next, look at the lower left corner of your browser or email client. You should see the exact address of the link you're hovering over.

This is where things start to get critical. Read that link very, very carefully and it should become obvious if it's a scam. Here's an example that landed in my inbox just the other day. (In the interests of public safety, I've removed parts of the link.)

idmsa.apple.com-idmswebauth-classiclogin.htm.artXXia.es/XXXXXXX

If you're not playing close attention, you'd see Apple.com at the front of that link and just figure this was an email from Apple. Unfortunately, you'd be wrong. Keep going past "apple.com" and you'll see the site the link actually leads to is "artXXia.es".

With URLs this long and complicated, how do you tell what's authentic and what's not? Here's a good rule of thumb: keep reading a URL until you hit the back slash "/".

Lichtmeister/Shutterstock

Once you hit the back slash, back up until you're at the first period before the backslash (in our example it's ".es"). Everything you see in front of that period is the full address of the webpage you're headed for.

Thus our example doesn't lead to idmsa.apple.com, but a subdomain of artXXXogia.es.

By the way, you should always trust your own reason ahead of link scanners and other security software to ensure your safety. In my tests, several security suites that scanned the full version of our example URL returned a clean bill of health for the site, even though to human eyes this is clearly not an Apple website. 

3. It has an attachment

If a malicious actor can't sucker you with a phony link they will try to trick you into downloading a file packed with malware.

Here's a classic example I came across recently. A message supposedly from Booking.com landed in my inbox with an invoice attachment asking for final payment on an overdue item.

This message was playing on the sudden emotional horror at thinking you may have an unpaid item with a service you use. Without thinking twice, you may soon be downloading an attachment just to make sure the company didn't make a mistake.

That's when you need to stop and breathe. Another solid rule of thumb is to NEVER download an attachment you're not expecting, no matter who it's from.

Complicating this issue, however, is there are a few people that you may expect to send you unsolicited (or semi-unsolicited) attachments such as your child's teacher or a co-worker with an animated GIF obsession.

In those cases, it will be up to you to decide whether or not it's risky to open up those attachments. If nothing else, make sure the message from your child's teacher is well written and makes logical sense (Christmas party plans in January? I don't think so). And if you do decide to download the attachment, save it to your hard drive and scan it with an antivirus tool before you open it.

Email is far less risky to use than it used to be. Nevertheless, it's still an extremely popular attack method for the bad guys. So it pays to keep your email sleuthing skills sharp for those times when the bad stuff gets through your email provider's defenses. And be sure to check out PCWorld's guide to dodging the web's most devious security traps to stay outside of your inbox, too.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.