From time to time, I get a phone call from one of my computer support clients asking whether an email they have received is genuine or a scam (eg a phishing email). Quite often, they will forward the message to me for my comments.

Checking back on nearly seven years of blog posts, I’m surprised to find that I don’t seem to have covered this issue specifically before, so here’s a list of some of the pointers I look for in deciding whether an email is likely to be genuine or not:

  • The “From” address looks dodgy. If, for instance, you receive an email from “” then that’s likely to be fake as the UK domain for Amazon is “”. Another common trick is for the domain of the sender to be spelled very, very close to the spelling of a “genuine” sender (such as “”). Unfortunately, even if the sender’s email address does look correct, it doesn’t need to be, as it’s possible for anyone with the right knowledge to “spoof” an email address – ie make it look as if an email has come from an email address other than the actual sender. There’s nothing you can do about a spoofed sender address: just be vigilant.
  • The email includes an attachment. Always be very very careful about opening any attachment that you were not expecting. An attachment can look like anything (eg “Claim Your Prize.pdf”) but, in reality, be something else (eg “nastymalware.exe”). A common way of getting people to open hazardous attachments is to pretend that the attachment contains private information that has been sent to you in error – eg “companypayroll.xlsx”. They are relying on your nosiness to cause you to open something nasty that you think was sent to you in error.
  • The email includes logos, or styles or “house colours” that don’t look quite right in the context of who is supposed to be the sender. A genuine email from a reputable organisation would never get its own logo wrong (eg the shape, or the resolution).
  • The style of the English is stilted or strange, or words are mis-spelt or mis-used. Yes, I know that genuine national institutions are far from perfect in their use of English (I’ve seen rogue apostrophes in BBC content!), but I’m talking here of something more blatant. The worse the English, the less likely the email is to be genuine (assuming, that is, that it is purporting to come from a reputable organisation and not an individual).
  • If there appears to be a dire threat either stated or implied, then the email could be suspect. Think about it: if you’ve been spending megabucks with Amazon over the years, they’re hardly likely to want to lose your custom, so an email that threatens “confirm your password now or your account will be closed” would hardly be the best way for Amazon to behave towards a valued client.
  • On the other hand, if an email includes an offer that seems to be too good to be true, then it almost certainly IS too good to be true.
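
Several of the pointers above (near-miss sender domain, attachment whose real type is executable, threatening wording) can be checked mechanically. The following is an added example, not part of the original post; the trusted-domain list, risky extensions, phrase list and the sample message are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed lists for this sketch: senders you really deal with, risky types, threat wording.
TRUSTED = {"shop.example", "bank.example"}
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat")
THREATS = ("confirm your password", "account will be closed")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_email(raw):
    """Return a list of warning strings for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED:
        for good in sorted(TRUSTED):
            if edit_distance(domain, good) <= 2:
                flags.append(f"sender domain {domain} imitates {good}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower().strip()
        if name.endswith(RISKY_EXT):  # only the last extension decides how the file opens
            flags.append(f"executable attachment: {name}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    flags += [f"threat wording: {t}" for t in THREATS if t in text]
    return flags

def sample_message():
    """Constructed phishing-style message (made-up addresses on reserved domains)."""
    m = EmailMessage()
    m["From"] = "Shop Support <support@sh0p.example>"
    m["To"] = "user@home.example"
    m["Subject"] = "Action required"
    m.set_content("Confirm your password now or your account will be closed.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="Claim Your Prize.pdf.exe")
    return m.as_string()
```

An empty result from `check_email` is not proof that a message is genuine, since a spoofed “From” address can match a trusted domain exactly.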

If you have any doubts at all about the bona fides of an email then do not click on any link in that email. Clicking on a link in a suspect email could take you to anywhere in cyberspace that the sender wishes to send you. You could end up downloading malware onto your computer: you could end up on a website that looks genuine but isn’t (where you end up divulging a username and password – or more).

Instead, contact the supposed sender by phone, or via their website. Access their website in the way that you normally do – not by any link within the suspect email. By the same token, do not ring any phone number quoted in the email. Verify by other means the true phone number of the purported sender. Do not be embarrassed to phone the organisation to check whether the email did come from them. Do not feel that you are wasting their time. If someone is using their reputation to try to con you then they want to hear about it. You look much less daft checking that something is genuine than clearing up the mess if you went ahead regardless and fell into something nasty.

Although I don’t seem to have covered this topic directly before, I’ve come pretty close: there are some links below. I don’t apologise for including the link to my blog post about the “Microsoft Support scam”. People are still getting caught out by unexpected phone calls from scammers pretending to be from Microsoft.

Telephone Scams

Spear Phishing

GameOver, Zeus and Cryptolocker

Is It Safe to Download a File?

Ever had email messages bounce back to you when you didn’t send them in the first place?

From time to time you may receive emails that appear to be notifications that an email you have sent could not be delivered. You may quite possibly receive several of these in a short space of time. This is a rather puzzling and disturbing phenomenon. Your first reaction is, quite possibly, to think that your email has been hacked and that someone is sending messages from your account. It is definitely worth changing your email password just to make sure that the account is still secure. If you can’t get into it because the password has been changed then you are in a spot of bother and you will need to contact your email provider (Gmail, or Hotmail, for instance, or your own internet provider if you use their mail servers).

Another possibility, though, is that your account is still intact and that what has happened is that someone is sending out emails from somewhere else and pretending that they came from you by changing the “from” details in the header of the email. This is called “spoofing”. They have “spoofed” your email address.

How can this happen? It could be that someone that you know has had their email hacked. Your email address has been stolen from that person’s email. The hacker then sends out emails to the email addresses found in the account, spoofing the sender’s name by taking one of the addresses found in the account (in this case, yours).

If the hacker steals, say, 50 addresses, and sends out emails to all of them then 10 may bounce. Those bounces will come to you and you will wonder what’s happening. The phenomenon of receiving bounces in this way is known as “backscatter”. So, “backscatter” is a by-product of someone “spoofing” your email address.
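
A bounce usually carries a copy (or at least the headers) of the message that failed, so it can be compared with what you actually sent. The following is an added example, not part of the original post: it reads a standard delivery-status bounce and reports whether the returned message is one you have a record of sending. The sample bounce, its addresses and IDs, and the idea of keeping a set of your own sent Message-IDs are assumptions made for illustration.

```python
import email
from email import policy

# Constructed sample bounce (all addresses and IDs are made up for this example).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address nobody@recipient.example could not be reached.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: you@home.example
Message-ID: <spoofed-123@bulk.sender.example>

Not something you wrote.
--b1--
"""

def inspect_bounce(raw):
    """Pull the failed recipient, status and original Message-ID out of a bounce."""
    msg = email.message_from_string(raw, policy=policy.default)
    info = {"recipient": None, "status": None, "message_id": None}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():  # per-message block, then per-recipient
                if block["Final-Recipient"]:
                    info["recipient"] = str(block["Final-Recipient"]).split(";")[-1].strip()
                    info["status"] = str(block["Status"]).strip()
        elif ctype == "message/rfc822":  # the returned copy of the "sent" message
            mid = part.get_payload(0)["Message-ID"]
            info["message_id"] = str(mid).strip() if mid else None
    return info

def is_backscatter(raw, sent_ids):  # True when the returned message is not one you sent
    mid = inspect_bounce(raw)["message_id"]
    return mid is not None and mid not in sent_ids
```

A bounce that returns no copy of the original message cannot be decided this way, so `is_backscatter` reports `False` for it rather than guessing.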

This is not the only way that it can occur. You will send your email address to many people over time. If you’ve created an account on a website, for instance, and given your email address (possibly as the username for that website) then your email address can be stolen if that website is hacked.

What can you do about it? There’s no way that you can actually prevent it from happening. After all, you don’t have any control over the many individuals and organisations that have your email address – legitimately or otherwise.

There are some things you can do, however, to mitigate the problem. To begin with, register a “disposable” email account with someone (Gmail or Hotmail, for instance) and use that email address for unimportant logins that you could afford to lose. Then, if that account starts getting overwhelmed with backscatter (or, indeed, other forms of spam), you can just stop using it.

If you have your own website, it is a good idea to publish a contact email address on the website that is disposable. The email address I publish on my website is only used on the website. If I start getting inundated with spam to that address (including backscatter), I’ll simply change it for another one and not check for email addressed to the older one any more.

Another thing you can do is to use the services of a site such as DoNotTrackMe. Using the email aspect of that service you can use a unique, disposable, email address when signing up for an online account. Email to that address is forwarded to you and the sender never knows your real address. If you start getting spammed or get backscatter you simply stop the emails to that address from being forwarded to your real address. I’ve been testing this for a month or two and it seems to work. I must confess, though, that I feel a bit queasy about it as I’m depending on the service provider always being there and continuing to forward masked email to my real address.

In practice – although I can’t understand why this should be the case – it seems to be usual for backscatter to happen only occasionally. You would think that the problem would get worse and worse as the bad guys keep re-using your email address, but it doesn’t seem to happen that way.

It could be that just understanding what is happening when you get backscatter will be enough for you to accept the minimal nuisance of it happening to you, without getting too paranoid about your cyberlife. In other words, just doing nothing except deleting backscatter as it arrives may be the best policy.

© 2011-2019 David Leonard
Computer Support in London