Spot the Fake Email

Many fake email messages try get you to click on a link that takes you to a web site that will try to do bad things (nab your passwords, steal credit card numbers, install malicious software). 

A good rule to follow is never click on a link in a email message, but let’s be honest: we all click on email links when we think we know better.

Learn to spot the fakes and you’ll be much safer.

I recently got a fake Apple email that has several warning signs:

  • Close-but-not-quite-right sender’s email
  • Subject line that makes you panic
  • Not addressed directly to your email address
  • Slick images are old or for the wrong department
  • Salutation does not include your first name
  • Typographical errors
  • Grammar or usage errors, especially errors common to non-native speakers (missing “the”, for example)
  • Mistakes in layout (a closing line with a comma but no signature)

If you spot a fake email, it helps everyone if you report it to the company that provides your email. Usually this is as simple as forwarding the message to a special email account. Most companies use abuse@ their domain name to accept reports.

For example, if you get one of these malicious email messages at an Apple-provided email address (like me.com or icloud.com), forward it to reportphishing@apple.com or abuse@icloud.com. Read more at Apple's support article "Identify and report phishing emails and other suspicious messages". 

Google requires that use their tool to report, which means you have to log into your Gmail from a computer.