Spotting bogus emails

By Martin Edwards

Published March 2017, last updated January 2018

Email has its origins in US military and academic institutions of the 1970s. The network was private, and its users were known and trusted, so it didn’t need to be too secure. Its creators could hardly have predicted that this simple system would survive largely unchanged into the 21st century and become an essential part of our lives.

Simplicity, openness, and the fact that it’s free are some of email’s greatest strengths, but they also leave it open to abuse. We’ve all faced the challenge of trying to tell whether a message is genuine, knowing that a bogus message could lead to identity theft, financial loss, or damage to our computer. With a little knowledge, you can protect yourself well from these threats.

Safety first

In the past, poor software design meant it was advisable to not even open suspect messages. This has been fixed. Nowadays, opening any email is generally safe.

Instead, the dangers lie in:

Check the From address

A simple email comprises a To and From address, subject and body. It’s easy to spoof the From address; in other words, anyone can send a message purporting to be from any address. So bear in mind that, for example, a message from may not really be from BT.

This might sound like an unforgivable shortcoming, but consider that the postal service is the same: I can write to you and put someone else’s address on the back of the envelope.

The good news is that many bogus email senders don’t spoof the From address, or spoof it to something that’s a blatant giveaway that the message is bogus.

This is perhaps thanks to the increasing adoption of systems that designate certain servers as the authorised email senders for certain domains. Modern providers like Gmail and Hotmail use this information to identify spoofed From addresses and mark messages as spam.

So if you suspect a message is bogus, check its From address. If, for example, the message is about your Amazon account, but the From address doesn’t end in something like, alarm bells should ring.

Unfortunately, a lot of email software now hides the From address to begin with, instead showing just the sender name. The sender name is useless because bogus messages almost always spoof it (e.g. ‘Barclays helpdesk’). So ignore the sender name, and learn how to reveal the From address in your email software. Often, you do it by hovering over or clicking the sender name.

Check the destination of links

To achieve its aim, a bogus email might for example tell you that someone has hacked into your Facebook account, and have a link saying ‘click here to change your password’. You needn’t take chances with these links.

In Safari on Mac, you need to click View > Show Status Bar to enable this.

Learn how to interpret an address to decide whether or not it’s genuine.

Here’s a typical address:

As far as determining its legitimacy is concerned, there are only two parts that matter:

That first slash is vital. Look carefully at this address:

At a glance it looks like a BBC article, but there’s no slash after — the hostname continues, in this case to the end of the address. It’s an elaborate hostname that in fact resolves to the server hosting this website. I could put up a page there mimicking the BBC but with a side helping of malware!

In the above example, the address of the genuine article would have a slash immediately after the BBC’s hostname:

The key is to read a hostname backwards from the final slash – or the end of the address, if there’s no slash – as it’s the right-most part that gives it away.
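The same right-to-left check can be automated. The following is an added example, not part of the original article: it takes the hostname up to the first slash and accepts it only if it is the expected domain or ends with a dot followed by that domain. The function names and the sample addresses (built on the reserved example.net domain) are constructed for illustration.

```javascript
// Added example: decide whether a link's hostname really belongs to the
// organisation it appears to come from. All addresses below are constructed.

// Return the hostname: everything between "//" and the first slash
// (or the end of the address if there is no slash), lower-cased.
function hostnameOf(address) {
  // Addresses copied from an email sometimes lack the scheme; assume http.
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(address)
    ? address
    : "http://" + address;
  const host = new URL(withScheme).hostname;
  // A trailing dot ("bbc.co.uk.") names the same host; drop it.
  return host.endsWith(".") ? host.slice(0, -1) : host;
}

// Read the hostname from the right: it is genuine only if it IS the
// expected domain or ends with "." + expected domain.
function belongsTo(address, expectedDomain) {
  let host;
  try {
    host = hostnameOf(address);
  } catch (e) {
    return false; // unparseable address: treat as not genuine
  }
  const domain = expectedDomain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

const samples = [
  "http://www.bbc.co.uk/news/technology-12345",       // slash right after hostname
  "http://www.bbc.co.uk.news.technology.example.net", // no slash: all hostname
  "http://www.bbc.co.uk.example.net/news/technology", // BBC name is only a prefix
  "http://notbbc.co.uk/news",                         // no dot before "bbc.co.uk"
];
for (const s of samples) {
  console.log(belongsTo(s, "bbc.co.uk") ? "genuine" : "SUSPECT", hostnameOf(s));
}
```

Only the first sample is reported as genuine; the other three contain the BBC's name but end in a different domain when read from the right.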

Finally, it’s important to note that a link may be made to look like an address that’s different to its actual destination. Hover your mouse over the following example – or long-press on a phone or tablet – to see what I mean, or click to see where it takes you (it’s harmless, just not what you’d expect):

Check for bad spelling or grammar

A common sign that a message is bogus is bad spelling or grammar. In the heat of the moment it may be easy to miss, but it’s often the most obvious clue, so take your time. For example:

My customers often forward me suspect messages, asking if they’re bogus. Of those that are, almost all contain simple giveaways like this.

Of course, a genuine sender may make a spelling mistake, and conversely, a scammer may write perfect English! So there’s no definitive rule here.

Need help?

I’m a computer technician and tutor serving North Oxford, Kidlington, Woodstock and the surrounding villages. Visit my home page to find out more and get in touch.