How-to: Check Before Opening Email

You can tell a lot about someone from their address; email is no different: here’s how to check before opening email@gimmedamoney.com

Email scams, phishing and malware attacks are multiplying. You’re not safe in your own inbox – unless you take some simple precautions. While your mail provider may run a lot of scans, blacklisting and other email security measures, a lot still gets through. You can weed out a lot of the junk yourself just by checking the sender/’from’ address.

Check the Domain/Subdomain

Look at the sender/’from’ address. If there’s a period after the @ and before the final suffix – .com, .net or whatever – question where the email is actually from.

noreply@amazon.com may well be genuine.
noreply@amazon.gimmedamoney.com isn’t. It contains a sub-domain address. The end-point isn’t Amazon, it’s gimmedamoney.com.

2. Check variants and close-to addresses.

no-reply@microsoftinc.com is a variant that appears to make sense. Except it’s fake. You can find a whole raft of fake domains that are sending spam and malicious emails that are credible but dangerous.

noreply@microsoft.com is probably genuine
noreply@microsift.com isn’t.

Humans like to extrapolate what they see to what they expect to see. Which is why typos crop up in text even after several proof-reads.

3. Check inline reply addresses

Even if the sender/’from’ address is genuine, an email may not have come from there if it’s been spoofed (the header changed to look like a genuine email from source).

In this case, make sure any weblinks or reply addresses are genuine before you click on them to reply to that too-good-to-be-true offer (another sign of a fake).

Treat any inline addresses labelled click here to reply without showing the ‘to’ address as suspicious. If the address is shown in full, don’t be a lemming, look before you leap and read it.

reply@microsift.com and reply@amazon.gimmedamoney.com should give you pause. You did read examples 1 and 2, didn’t you? Gotcha. AJS