Email Scams

This essay is all about just one little bit of advice I’d like to pass on. This advice is from a techie who’s been dealing with email since the beginning of the World Wide Web and before.

When you get an email from someone you don’t know, it’s probably bogus. If it’s from an organization you don’t recognize or don’t actively do business with, it’s probably bogus as well. If it’s on a subject that has nothing to do with you, it’s also likely bogus. You’re welcome to look into each and see if they look real to you, but chances are nearly 100% that they are just enticements to get you to give up personal information or allow someone else control of your computer.

But there’s one kind of email that’s the most important along this line. It’s the kind of email which looks like it’s been sent by someone you know or do business with, like Paypal (a favorite target), or Chase bank or someone with whom you already have a working relationship. What I want to relate to you is really very simple. Let’s say that the email you’re looking at says that it’s from Paypal and that you have a Paypal account (if you don’t have a Paypal account in the first place, you can probably safely delete it). Do you want to know if it’s safe to read it and follow its instructions? Here’s the easiest and fastest way.

In any email client program, there is a way to look at the “headers” of the email. You ordinarily see just one or two of these like the subject, and the designated recipient, etc. But there will be some way of looking at all the headers, and that’s what you want. Those headers will detail where the email actually came from and every machine it passed through on the way to you.

Let me step back here and explain that the email you receive has two parts. The part you’re usually most interested in is the content itself, the message being sent. But there’s an additional part that you normally don’t pay much attention to. It’s the “envelope” part. Yep, there’s a part called the “envelope”, and it contains, among other things, the envelope’s originator and the routes the email has taken to get to you. All of this is contained in the “headers”.

So, back to your supposedly Paypal email. Go into your email program and find out how to make it show you the headers. Now look at the original sender of your envelope. That line will say “From” before it, just like the other “From” that shows up in your email listings. But it may not be the same as your email listings. In fact, if the “From” on the envelope is different than the “From” in your email listings, it is most likely bogus. Now, a legitimate email from Paypal may say “” or something of the sort. In other words the envelope “From” will be somehow related in an obvious way to Paypal. But if your envelope “From” is something like “”, right away you know it’s bogus. Mark it as spam and go on. If the “domain” (that part of the address after the @ symbol) looks queer in any way, and/or unrelated to Paypal or whoever, the email is spam. Mark it and delete it.

Simple. You’re welcome to look at all the rest of the headers if you like, and try to figure out what they all mean. But that first “From” is the key one that will tell you right away if this thing is bogus or legitimate. Most spammers either don’t masquerade this “From” because they don’t know how, or because they don’t want to take the time.
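The check described above can also be run on a message's raw source. This is an added example, not part of the original essay. It assumes the receiving server recorded the envelope sender in the `Return-Path` header; the sample messages and the `bank.example` and `mailer.invalid` domains are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def belongs_to(domain, org_domain):
    """True only for org_domain itself or a real subdomain of it."""
    return domain == org_domain or domain.endswith("." + org_domain)

def check_sender(raw_message, org_domain):
    """Return a list of reasons to distrust the message (empty if none)."""
    msg = message_from_string(raw_message)
    findings = []
    # Return-Path is where the receiving server records the envelope sender.
    for label, header in (("envelope sender", "Return-Path"),
                          ("displayed sender", "From")):
        domain = domain_of(msg[header])
        if not domain:
            findings.append(f"{label}: no address in {header}")
        elif not belongs_to(domain, org_domain):
            findings.append(f"{label}: {domain} is unrelated to {org_domain}")
    return findings

# Constructed sample messages; every domain here is a placeholder.
LEGIT = (
    "Return-Path: <bounce@mail.bank.example>\n"
    'From: "Bank Support" <service@bank.example>\n'
    "Subject: Your statement is ready\n\nBody text.\n"
)
SPOOFED = (
    "Return-Path: <x91@bank.example.mailer.invalid>\n"
    'From: "Bank Support" <service@bank.example>\n'
    "Subject: Account limited, act now\n\nBody text.\n"
)
LOOKALIKE = (
    "Return-Path: <info@notbank.example>\n"
    'From: "Bank Support" <service@notbank.example>\n'
    "Subject: Verify your account\n\nBody text.\n"
)

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPOOFED", SPOOFED),
                      ("LOOKALIKE", LOOKALIKE)):
        print(name, check_sender(raw, "bank.example") or "no findings")
```

Legitimate bulk mail is sometimes sent through a third-party mailing service, so an unrelated envelope domain is a reason to confirm with the company directly rather than proof on its own.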

It’s also worth noting that almost all these spam emails convey the message that they want you to do something, and will provide an attachment or instructions to follow, or both. If for any reason you suspect the email isn’t legitimate (including gut feelings, hairs on the back of your neck or whatever), contact the company directly. You’ve done business with them before, so you know their web address or phone number. Bypass this email and contact them directly and ask if this email is legitimate. Ninety-nine percent of the time, they’ll tell you it’s not legitimate, and how you can tell if an email from them would be legitimate.

That’s really as simple as it gets. Turn on headers and check the envelope “From”. If you do this for a while, you’ll be amused at the domain names used to try to scam you. You’ll also become an old hand at spotting the scams quickly.

And remember, I’m talking about entities with whom you have an active working relationship. Emails from “Cryptocurrency” or “Visa Platinum” or “Penis Enlargement” are clearly bogus. You needn’t worry about their headers unless you’re just curious. You can safely delete these regardless.