7 Email Fraud Red Flags

December 7, 2016

Email scams are far from a thing of the past.

Sending an illegitimate email to trick the recipient is a form of social engineering. Many of these cons rely on your willingness to be helpful. The email can be crafted to look like it comes from a coworker or even the CEO, and it convinces you that the sender needs help with an urgent problem before you notice the red flags.

Unfortunately, this tactic works too well. Businesses lose millions of dollars every year to social engineering. With small businesses being the target of 71% of all data breaches, it is imperative to educate your workforce on what an illegitimate email looks like. Your employees are your best chance and the first line of defense against social engineering.

There are 7 main red flags you can home in on to make sure you are not opening yourself up to a cyber attack.

  1. From

If the sender seems suspicious for any reason, simply don’t open the email. Look out for people in your own company you don’t usually communicate with, and for people outside your company who are unrelated to your job responsibilities. A sender with whom you have no business relationship or past relationship should be a red flag, especially if the email is unexpected or unusual.

  2. To

If the email is sent to a weird mix of people in your organization or you are CC’d and you don’t know anyone else the email is being sent to, it is likely an illegitimate email.

  3. Time Stamp

Sometimes a legitimate email comes through late at night when a coworker is burning the midnight oil, but if you don’t know who sent it AND it was sent at an odd time, say 2 a.m., don’t risk opening the email.

  4. Subject

If the subject doesn’t make much sense to you or doesn’t pertain to your job responsibilities, that could be a red flag. If the subject doesn’t match the content of the email, that is an even bigger red flag.

  5. Content

If the content seems pushy and the sender is asking you to take action to avoid a negative consequence, especially if you must act quickly, that could be a red flag, especially when combined with any of the other red flags already listed. If the content has spelling errors or poor grammar, that is another red flag. The content of a social engineering email might even seem like blackmail – asking you to look at a compromising or embarrassing picture of you or someone else you know.

  6. Attachments

Most people know by now that you don’t want to open any attachments that you are not 100% sure are legitimate. If you were not expecting it, it is not from someone you know, it makes no sense in relation to the email’s content, or it seems in any way odd, do not open it. Only one file type is always safe to click on: .TXT.

  7. Hyperlinks

A great way to tell if a hyperlink is legitimate is to hover over it without clicking and see if it is linked to a different website. For example, if the link shows up in the email content as www.buynow.com but shows up as www.www.seemerun.com when you hover over it, that is a big red flag. This mismatch is meant to mislead you. Hyperlinks that appear very long without giving you any further information are also illegitimate. If a hyperlink is misspelled, such as “pmcbank.com” versus “pncbank.com”, that is another red flag.
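The hover check and the misspelled-domain check described above can be automated for HTML mail. The following is an added example, not part of the original article; the `TRUSTED_DOMAINS` allowlist, the function names, and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED_DOMAINS = {"pncbank.com", "buynow.com"}  # assumption: your own allowlist

def host_of(text):  # hostname without one leading "www.", or None for plain text
    text = text.strip()
    if " " in text or "." not in text:
        return None  # ordinary link text such as "Click here"
    host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    return (host[4:] if host.startswith("www.") else host) or None

def edit_distance(a, b):  # Levenshtein distance, catches small misspellings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start a fresh text buffer for this link
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at each <a>, read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_links(html):
    findings, collector = [], LinkCollector()
    collector.feed(html)
    for href, shown in collector.links:
        target, displayed = host_of(href), host_of(shown)
        if target and displayed and displayed != target:
            findings.append(("mismatch", displayed, target))  # text and link disagree
        for good in sorted(TRUSTED_DOMAINS):
            if target and target != good and edit_distance(target, good) <= 2:
                findings.append(("lookalike", target, good))  # near-miss spelling
    return findings

# Constructed sample body using the article's own example domains.
SAMPLE = ('<a href="http://www.www.seemerun.com/deal">www.buynow.com</a> '
          '<a href="https://pmcbank.com/login">Log in to your account</a>')
```

`check_links(SAMPLE)` reports the buynow/seemerun mismatch and flags pmcbank.com as a lookalike of pncbank.com, while a link whose text and target both read pncbank.com produces no finding.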


Some or all of these red flags could be in a socially engineered email meant to get you to click, open, respond, or do something else that will open your company up to a cyber threat. Sometimes you may not realize something is amiss for months. Little by little, hackers could be gathering information in order to strike after accessing your network. Be careful with emails and when in doubt, delete.