How to detect E-Mail Scams (Phishing)

What do the following 5 e-mails have in common. (click any of them for bigger versions)

example #1

example #2

example #3

example #4

example #5

They are all fake, bogus, not really from Paypal, Amazon or Wells Fargo. They are e-mail scams. Sending of this kind of e-mail is called "phishing" as in fishing for suckers.

I get a at least a couple of these every week and because I'm a computer geek I know how to tell that they are fake but I suspect most people don't including many of my friends and family. It really sucks that the net makes it so easy for bad people to screw over good people but that's they way it is for now.

Microsoft, Google, Yahoo and many others are working on solutions but in the meantime, hopefully the instructions below will help you avoid getting taken in by these phishing scams.

The first thing to look at is the To address. In my case, my Paypal account is not registered to or so clearly this is fraudulent mail. For those of you that use only one e-mail address you're unlikely to get that lucky. Most likely your real e-mail address will appear there but if it's not the correct e-mail address you already know it's fake. Delete it.

Now it gets more difficult. What you have to do is check if the link in the e-mail actually goes to the site it claims it's from. The link might appear to go to Paypal but what it shows and where it actually goes are separate things.

The first thing you can check, especially if you are using web based e-mail, "hover" the mouse cursor over the link. Your browser *might* show where the link goes in the status bar of the browser

Here we can see that link is not going to Paypal. It's going to some site called Clearly this link is fake.

Unfortunately, even if it said in the status bar that doesn't mean the link would actually go to Paypal. There are ways of hiding that. In other words, this step might tell you immediately if the link is fake but if looks like a valid URL you still have to dig deeper.

 In most e-mail programs and e-mail websites you can right click on the e-mail and pick "View Source"

This will bring up some kind of program that shows you the codes used to display the e-mail you are looking at. It will most likely look like lots of gibberish. You need to search for what you see as the link. In the case of example #1 above I searched for "Click here"

If it doesn't find it you can pretty much be sure the mail is fake. In my case it found it.

Now, we have to look for the part just before that that says href=

and to the right of that we see the actual link

Again, it's not Paypal so this is fake. In the case of examples #2 and #3 above they show links so I searched for part of the link ("https://www.paypal")

I found it here and what do you know, the actual link goes to some site called Yes, some asshole is trying to rob me again. 🙁

Note that you still have to be careful because the link might only be subtly fake. I've seen links like or other convoluted things that try to make the link appear real.

Unfortunately it gets worse. It's possible for that even if the links look 100% correct the e-mail is designed to take you somewhere else. Technically e-mail links can be programmed to so that when you click the link a small piece of code runs. That code, instead of going to the link you see specified can take you to some other link instead and unfortunately there is no easy way to look that kind of hack up. Most e-mail programs attempt to remove those hacks. For example a full up to date and patched Outlook will tell you the e-mail has scripts in it. Scripts = code. If it says this you know the e-mail is fake. No legitimate e-mail has scripts in it.

For gmail and Yahoo mail they both attempt to delete the scripts from the e-mail but there is probably a way around most of them.

The best advice is, first, if it's not important, ignore the e-mail. Otherwise, if you are concerned and if you've followed all the steps above and the mail looks like it might actually be legit, don't click the link. Instead, manually launch a browser window, go directly to the site yourself, log into your account for the site in question and ask their customer service directly if there is something they need to talk to you about.

(the e-mail addresses above have been changed and are not real)

  • mark

    I very nearly got nailed by one of these scams. I gave them everything they needed but then immediately e-mailed the ACTUAL eBay to clear up the “confusion”. They stopped my account and told me to change all my passwords. Close call!

  • Leo

    I have yet to see my accounts on any of these sites threatened with termination if I didn’t update them. Plus, if I ever have any doubts about the legitimacy/illegitimacy of these types of emails, I don’t use the links embedded in the email. I just manually enter the main address in my browser.

  • Not even that hard to avoid…

    I hate to put down your attempt to help, but my mother’s eyes would glaze over trying to show her how to check source, links and header info.

    The simplest way to avoid getting scammed is NEVER use a hyperlink from one of those emails.

    Example: You get an email from PayPal, to your correct email address, saying there’s a problem with your acount. Well then, open a browser, type in , then log in and see if it’s true. If it is, then there will be a notification somewhere. If the email was fake, then your account will look normal!

    Same applies to all other potential scams: Ebay, Online banking, etc. Just log in manually like you normally would. If you still have doubts, contact customer service by phone.


  • You’re right.  I didn’t really mean for it to turn into a “you should do this”. More so I just wanted to post that most of those kinds of e-mails are fake even though they look 100% real.  I have a feeling my Mom, Father and Sister don’t know that and I suspect most non-geeks would not know that either. Of course maybe this is on the news daily and I just don’t know it.  I also wanted to post actual pictures of the emails since searching the net, none of the articles I saw about it showed actual examples.

    I should probably re-write it but I’m lazy :-p

  • Gahhh the speed-reader strikes again.

    … Actually Gregg, I skimmed your article and didn’t notice your last paragraph! You *do* tell people to go straight to the browser. MY BAD! I apologize…

  • dana
    scams in my e-mail

    hey mr greggman, know anything about e-mail contest scams one call thunderball jackpot. very concern if this one is legit or not. worried in chicago

  • pjk
    Abdule Hameed

    is this a name that sound familiar that could be a scam? I dont know anyone by this name and so I didnt open it.. I spammed it.

    but I keep getting other names too.

  • كازينو

    Hi guys, tried loading this blog through Google RSS reader and got a strange error message, any ideas what could be the issue?

  • Pingback: How to detect the Phishing Email? « Chandradev's Blog()