By now, many of us have been the unsuspecting recipient of an email message from an individual or (supposed) business asking us to “click the link below” to resolve a pressing matter. Or we have received a business opportunity that seems too good to be true, such as the following real-life example:
I am ready to make payment now with my credit card, but I will need a Little favor from you and the favor is that I will send you my credit card to charge for the sum of $6,450.00 plus 3% cc company charges. You will deduct $3,250.00 as deposit for the design of the website plus extra $200.00 as a tip for handling perfect work for me and you will send the remaining $3,000.00 to the project consultant…
The problem is, there is no project consultant because this is not a legitimate business opportunity. Unsuspecting business owners and individuals alike are frequently caught off-guard and may not realize what is happening until it’s too late. Here’s another actual example of a common scam that has been circulating for the past few years:
Good Day, Am Rickson Smith i am an hearing impaired.i wanna know if you can handle website design for a new company and also if you do you accept credit cards ?? kindly get back to me ASAP so i can send you the job details…
Both of these examples are attempts to launder money by requiring a business to work with an unnamed individual, identified only as a “project manager” or “project consultant,” to receive money for handling portions of the job.
So how do you identify email scams and what can you do to prevent them from occurring? By becoming informed of some common red flags indicating potential email scams and by following the simple best practices below, you can help ensure that your time, money and sensitive information are safeguarded.
Red Flags for Suspicious Email
- You receive an inquiry from a startup business claiming to be located outside the USA, with a contact/agent/go-between in the USA
- The inquiring party offers just enough information to make it sound like a legitimate business inquiry
- The inquiring party asks right away if you accept credit card payments
- The inquirer uses poor (English) grammar
- You receive no response to direct questions about the opportunity, and the inquirer is vague about details
- The inquirer is eager to pay you
- You are requested to refund the overpayment to the sender or their agent through Western Union (if money orders) or another means.
Don’t Bite the Hook – What to Do with Suspicious Email
Sage advice in life and with suspicious email – when in doubt, don’t; don’t click links, don’t respond to the sender by email or phone, and do not under any circumstances download or open attachments that may be connected to a suspicious message.
To help you verify who a message really may have come from, here are a few things you can do.
View email headers
A typical email header displays several lines that begin with “Received.” Note the last “Received” line; this line will look something like this:
Received from genericwebsite.org (123.456.789.101)
If the “Received from” information does not match the email address of the sender or the company being represented in the email, it usually means that the message did not truly come from that individual or company.
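The same comparison can be done in a script. The following is an added example, not part of the original article: it reads the last "Received" line of a message and checks it against the domain in the From address. The sample message, its domains and the function names are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message (not a real email); all names and addresses are made up.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example; Thu, 12 May 2016 10:00:05 -0400
Received: from genericwebsite.org (unknown [198.51.100.23])
\tby mx.recipient.example; Thu, 12 May 2016 10:00:01 -0400
From: "Your Bank" <support@yourbank.example>
To: emily@recipient.example
Subject: Urgent: verify your account

Click the link below.
"""

def first_hop(msg):
    """Return (host, ip) from the last (bottom-most) Received header."""
    received = msg.get_all("Received") or []
    if not received:
        return None, None
    m = re.search(r"from\s+(\S+)(?:.*?\[([0-9a-fA-F.:]+)\])?", received[-1], re.S)
    return (m.group(1).lower(), m.group(2)) if m else (None, None)

def sender_domain(msg):
    """Domain part of the address in the From header."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def received_matches_sender(raw):
    """Compare the last Received host with the From domain."""
    msg = email.message_from_string(raw)
    host, ip = first_hop(msg)
    domain = sender_domain(msg)
    # Match if the relay host is the sender's domain or a subdomain of it.
    ok = bool(host and domain) and (host == domain or host.endswith("." + domain))
    return {"from_domain": domain, "relay_host": host, "relay_ip": ip, "match": ok}

if __name__ == "__main__":
    print(received_matches_sender(RAW))
```

Treat a mismatch as a reason to look closer rather than as proof: legitimate companies often send through third-party mail services, and any "Received" line below the ones added by your own mail server is written by the sending side.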
Check the Links
Depending on your operating system and email client, you can usually hover over (but don’t click) any link in an email, and you will see a pop-up that shows you the actual URL that you will be taken to. Here’s an example:
You can clearly see that the visible link and the real link do not match—be careful. If the URLs in your email do not match, or the second URL is not from a domain or company you are familiar with, this is a good indication that this is a phishing email.
Check that the website you’re accessing is legitimate
If you think the URL is legitimate and you click on the link, you can still check that it’s a trusted website and business. Modern browsers like Safari 5, Firefox 7, Google Chrome, and Internet Explorer 10 display the company name in green if the site has been issued an Extended Validation (EV) Certificate and is a legitimate website/business.
Note the email greeting
Phishing emails tend to start with generic phrases like “Dear valued customer” or your email account name, such as “Dear snookums123,” instead of your name (“Dear Emily” for example). Most legitimate companies include your name in their correspondence because companies will have it on record (if you’ve dealt with them before).
The message arrived at a different email address than the one you gave the sender
If the sender sent the message to an address that was not the one you provided to the company, this is usually a good indication that the message is not legitimate. You can usually verify what email address a company has on file on their website (just be sure to go to their real website instead of following any links in a suspicious email).
Take Action to Avoid Suspicious Email
Check out these awesome cyber-tips developed specifically for small businesses! Be informed, be proactive, and stay safe online.
- On May 12, 2016