Skip to Content
© Nicoelnino |
Security & privacy

5 subtle clues that email is really a clever phishing scam

Presented by StartMail

Presented by StartMail

Don’t trust Big Tech with your data and privacy. Go to today for a seven-day free trial and 50% off your first year.

Bad actors on the internet want to get close to you in any way they can. After all, it’s how they can slip their hands into your pockets. Phishing scams are an especially popular way cybercriminals come into contact with you.

According to the FBI’s Internet Crime Complaint Center, people like you lost $57 million to phishing scams in 2019. With so much money to be made, there is no way they’re stopping anytime soon. One of the easiest ways to reel in a victim is through their email inbox, so you should research the signs of a scam before you lose a single penny.

There are obvious signs, like grammar mistakes or hovering your mouse over a link to see if it redirects you to a shady site, but scam techniques are becoming more sophisticated every day. One con even turns the tables and fools you into calling scammers. Here are five giveaways that are easy to miss.

This privacy tip uis brought to you by our sponsor, StartMail. Read to the end to see why StartMail’s privacy-first email service is Kim’s pick.

1. The email isn’t addressed to you

This detail is small, so you might overlook it. When dealing with a suspicious email, always check the sender. It might be addressed to an email you don’t even own!

For example, I received a fraudulent UPS email addressed to Here’s the rub: I don’t use that email. Check it out:

Since I wasn’t the primary recipient — and I wasn’t Cc’d — that could only mean one thing. The sender input my actual email into the Bcc field, which let me know this was indeed a scam.

That’s because people who have been Bcc’d can’t see who else received the email. To put it simply, a scammer can put dozens of emails into the Bcc field, and the recipients will be none the wiser.

That means the scammer can send out mass emails, casting their net as wide as possible. They’re hoping someone won’t notice that they aren’t the primary recipient. They’re hoping you will fall for their trick, hook, line and sinker.

2. Someone sends you an email, but it doesn’t sound like them

Tone is hard to tell over text, but once you have exchanged enough emails and texts with a coworker, you start to understand their typing style. Maybe they never use periods, or they like to use emojis when they message you. Either way, everyone has their own writing style.

That’s why a sudden shift in tone should raise a red flag. Maybe someone who is always informal and silly suddenly sends an email saying, “Please respond immediately.” If they have never said anything like that before, that might be because someone is pretending to be them.

On the other hand, if someone is usually professional and cold, you should be wary if they suddenly send an email with a ton of emojis. For example, I once worked with a person who never used emojis. One day, I got an email with the subject line, “Hi, hun! 💖”

Immediately, I suspected foul play. I sent her a text asking if she sent me an email with the subject line, and she said, “Absolutely not.” Just like that, I nipped a phishing attempt in the bud. It’s common for scammers to masquerade as coworkers.

To spot these schemes, look for signs of urgency. Is the email trying to stress you out and make you feel like there’s a time limit? Is it demanding immediate action? If so, that could be a manipulative ploy to get your guard down. Tap or click here for more ways to spot phishing emails.

3. Be suspicious of any email with an attachment

It’s not unusual for a coworker to send you an email with a document, picture or PDF attached. But they usually only send it after a prior conversation. Maybe you had a video call and they said, “I’ll send that to you.”

But if a coworker sends you an email with an attachment out of the blue, watch out. That could be a sign a criminal has stolen their identity.

If you’re lucky, your email inbox might alert you that the attachment is suspicious or unsafe. Unfortunately, it’s all too common for malicious attachments to breeze past email filters. Document-based malware is a huge threat that spreads easily.

For example, one Microsoft Word scam can unleash havoc upon your hard drive. Tap or click here to avoid falling victim to this nasty trick.

Often, cybercriminals give these dangerous attachments innocent file names. For example, a PDF that could break your computer if you click it may be named “Invoice,” “Receipt” or “Spreadsheet.” Hackers want to disguise dangerous files as documents you expect to receive from coworkers.

When in doubt, reach out to your coworker. Call them over the phone or use an official company directory to find their contact information. (If you suspect an email is fraudulent, don’t use any contact information it lists. It might send you straight into a scammer’s web.)

4. A company requests info from you via email

You get an email from Netflix, Amazon or another company you have an account with. It says it has noticed some suspicious activity, like multiple login attempts or an issue with your payment information. It might even claim you are eligible for a refund or a relief payment.

Everything looks normal: There’s a professional header and there are no errors in the grammar or punctuation. So when it asks you to reply to confirm your payment details, you may think nothing is amiss. Not so fast.

If this email were real, the company would send you to its website. It wouldn’t ask for an email response. No one monitors account inboxes at big companies like that — unless you’re in a help queue that you requested.

5. Did you win a contest you didn’t enter? It’s probably a scam

You know the saying: “If it’s too good to be true, it probably is.” It’s rare enough to win a contest you actually joined. What are the odds you win one you didn’t even sign up for?

Scammers know the promise of a prize is enough to get your heart racing, and emotional manipulation is their bread and butter. So if an email says you won an iPad, a car or any other gadget, it’s probably a bald-faced lie.

Here’s another sneaky trick you should watch out for. If you sign up for a contest online, scammers might pose as the prize givers to trick you into giving up your information. Tap or click here to recognize the warning signs.

Bonus: Get an inbox that puts your privacy first

Free email services like Gmail or Yahoo aren’t really free. There’s a big price to pay — your privacy. These free email sites scan, analyze and save details of every email you send and receive, giving Big Tech a very intimate and detailed profile of you so they can easily sell your data to the highest bidder.

That’s why Kim recommends StartMail. With StartMail, you can send encrypted emails with one click, even if the recipient doesn’t use encryption. And StartMail never scans or analyzes your emails. Best of all, when you delete an email, it’s gone — forever.

Don’t trust Big Tech with your data and privacy. Go to today for a seven-day free trial and 50% off your first year.

Are you already in the spider’s web? Here’s how to get out

3 immediate steps to take if you fell for a scam 

Fight back: How to report an internet scam

How to freeze your credit for free – and why you should

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out