Unfortunately, fake emails are part of everyday life for those who send and receive emails. Everyone has to deal with it at some point.
For recipients, an email of this type can be a channel for phishing scams, which access the recipient’s data and make financial transactions on their behalf. In this case, bank and credit card details are the most targeted.
For companies, the fake email may be the carrier of a ransomware scam, which hijacks the data of customers, suppliers and third parties. Once they have the information, criminals demand a ransom in the form of payment.
Recognizing malicious emails is essential to avoid not only cybercrime, but also other headaches, such as the entry of malware to spread viruses.
Check out the step-by-step guide to identifying suspicious messages. Step 6 contains specific recommendations for email marketers. Take advantage of the tips and be safe!

1. Subject lines
The first contact the reader has with an email is through the subject line. This is responsible for prompting the user to open it or not.
That’s why you should pay attention to titles that suggest the user view the message quickly. We’ll give you 3 examples of subject lines that appeal to urgency/emergency:
- Immediate action: your account will be blocked (or your service will be canceled)
- Notice of legal proceedings: case number 984.3298.7243
- Your purchase of R$4,367 has been completed. See here
There is always a sense of urgency, of need.
An exaggerated promise is also very suitable for a fake email, such as participation in an inheritance or an “unmissable deal”. After all, you need to persuade the user to open the message before they realize the intention of the scam!
2. Keeping an eye on the sender
Fake emails don’t come from a real domain. This detail alone is enough for the user to pay attention to the sender’s address.
Criminals often change a letter or use different extensions to the real domain in an attempt to go unnoticed. Here are some examples:
Fake email attempt with sender intending to impersonate Nubank:
- atendimento@nubank.com.br – real domain
- atendimento@nubenk.com.br – fake email (note that a letter has been purposely changed in the domain)
Attempted fake email with sender intending to impersonate the IRS:
- atendimento@servicos.receita.fazenda.gov.br – real domain
- atendimento@servicos.receitafederal.gov.br – fake email (note that the domain is different from the real one)
Important: the emails with existing domains shown here are just examples.
In addition to these checks, also check the sender’s authentication certificate, which is the proof requested by all email providers.
Here’s how to do it from Gmail:
- When you open the message, click on the three dots in the top right-hand corner.
- Click on “show original”.
- On this screen, you can see the “From”. If the email was sent by Nubank, the “From” should contain the name Nubank, right? If this is not the case, it is clear that it is a fake email.
- The last three lines show the SPF, DKIM and DMARC authentications, which certify that the message was sent by the real sender, and not by someone trying to impersonate them. These lines should have the following format: 1st line SPF: PASS | 2nd line DKIM: PASS | 3rd line DMARC: PASS.
Some emails may contain only the 1st line, with the SPF, or only the 2nd line, with the DKIM, but the 3rd line with the DMARC must be present in all of them.
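The sender checks in this step can also be scripted. The following is an added example, not part of the original article: it parses a raw message (the text Gmail displays under "show original"), reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header, and flags a From domain that is within two character edits of a trusted one. The sample message, the receiver name mx.example.net, the trusted-domain set and the two-edit threshold are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); mx.example.net is a placeholder receiver.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@nubenk.com.br;
 spf=pass smtp.mailfrom=nubenk.com.br;
 dmarc=pass header.from=nubenk.com.br
From: Nubank <atendimento@nubenk.com.br>
Subject: Immediate action: your account will be blocked

body
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw, trusted_domains):
    """Return the From domain, its verdict, and the SPF/DKIM/DMARC results."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Read only the topmost Authentication-Results header (the receiving server's).
    results = dict.fromkeys(("spf", "dkim", "dmarc"), "missing")
    header = msg.get("Authentication-Results", "")
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
        results[method.lower()] = verdict.lower()
    if from_domain in trusted_domains:
        domain_verdict = "trusted"
    elif any(edit_distance(from_domain, d) <= 2 for d in trusted_domains):
        domain_verdict = "lookalike"  # e.g. one letter changed, as in nubenk
    else:
        domain_verdict = "unknown"    # not on the trusted list: still verify by hand
    return {"from_domain": from_domain, "domain": domain_verdict, **results}
```

In the constructed sample all three checks report pass while the domain is flagged as a lookalike: the authentication results confirm which domain sent the message, not that it is the domain you expect, so both checks are needed together.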
3. What the content of a fake email looks like
The first thing you should look at is the content of the message.
Does the sender request any action, such as sending data? Does it ask you to click on a button or access a link with a shortened URL (or with an extremely long URL that is different from the sender’s)?
There are senders who specialize in generating interactive emails, with games to encourage the recipient to take part in a promotion or marketing action.
However, users should not click on anything until they are sure that it is not a fake email.
To do this, check the sender’s address carefully. And ask yourself the following questions: is this a company you know? Have you participated in any of their actions before?
To prevent malicious emails, also keep an eye on the following communications:
- Request to update your registration to avoid your account being blocked.
- A cloned card warning (so the sender asks you to click on a link that will take you to a fake page. The more daring ones may ask you to contact them via a telephone number).
- Offers of bank loans or investments (when the sender asks you to click on the link to gain access).
- Debt settlement and renegotiation offers. The request is the same: that you click on a link.
Note that, in general, there is a request for access via a link. So don’t click on anything. This also applies to your cell phone SMS and WhatsApp.
4. What a fake email signature looks like
Real corporate emails have company logos next to the name of the person who sent the message.
Pay attention to the footer of messages, especially the logo image, which must be high resolution and not deformed in any way. A low-resolution or deformed logo indicates a fake email.
5. Be wary of attachments
Word documents, PDFs, Excel spreadsheets and any type of image or text can contain malware that invades the computer to spread viruses or worse: gain access to all the user’s passwords.
Among all the attachments, the most dangerous are files with an .EXE extension, since they are used to install programs.
Therefore, before opening an attachment, the recommendation is to follow all the previous steps. And even then, the best thing to do is not to open it.
Use a good antimalware (antivirus) program!
6. How email marketers identify a fake email
There is also another group affected by malicious emails: bulk email senders.
However, for marketers, this type of email has a very different meaning to phishing and ransomware.
Disposable addresses, for example, are fake emails, as they expire after a short period.
Spamtraps also have the same connotation, as they are not created by people, but by email providers with the aim of identifying purchased lists.
Lists containing fake emails are highly damaging to those who work with email marketing, as they are made up of invalid contacts with whom a sales or marketing team cannot communicate.
Email verification solves this problem by removing invalid emails and bounces from existing lists, as well as preventing new bogus emails from coming in as soon as they are captured. In this way, companies and professionals can be sure that their emails are delivered to their recipients’ inboxes and not to spam.

FAQ
What are the main ways to recognize a fake email?
The first thing to look out for is the subject line with a sense of urgency to encourage the user to open the email quickly. Next, the content of the email reveals requests to send data, or for the user to perform actions to click on a link or button. Some criminals even ask the recipient to contact them by phone.
Checking the sender’s address is also very important, as there is no way to send a fake email from a real domain. In addition, it is possible to recognize whether the sender has the security certifications required by the provider (in this case, Gmail).
An email signature containing a deformed or low-resolution logo also reveals a fraudulent message, as do the attachments, which can be repositories for malware, both for spreading viruses and for hacking into the computer and stealing all the user’s passwords.