Spotting Phony Emails

Having worked in various technical positions over the years, I’m no stranger to Email. But I still get questions from people asking if something looks legitimate to me; you probably won’t be surprised that I’ll usually reply “No”.

What follows is going to be an evolving document outlining how anyone can better answer this question for themselves. Let’s dig in.

What matches up?

When we find ourselves in front of a questionable email, a few things are worth checking before replying or clicking on any links in said email:

  • Is the sender someone you know; can you see them in your contacts?

What you can do

  • Report the phony to the person or company they’re claiming to be; some organizations have dedicated lines of support for this. If this is someone you know more personally, tossing them a text asking them to confirm they sent that email could be a way to get to the bottom of this quickly—if not to let them know their account may be compromised.