One of the problems with identifying fraudulent email is there isn’t one “sure” way to know. There are a
lot of different clues to use to decide if you think an email is a fake.
One of the surest indicators can be the true address of any links in the email. If the link visibly isn’t the official website, like an email supposedly from “Investment Company” has a link that says http://bixszceary.pke.pl/signin.exe, it’s pretty easy to tell the email is a fake. But what a link says in the email may not be where it’s actually going.
In many email programs, if you put your mouse cursor over a link—don’t click, just place the cursor over the link—you’ll see the real address. In Thunderbird it’s in the lower left hand corner of the window. So if the link in the email says "http://www.investmentco.com/signin.php", but you hover the mouse cursor over the link and see "http://www.srmt.investmentco.com.wixsrt.com/signin.php" in the lower corner you know this isn’t legitimate. Even though “investmentco.com” appears in the address, since there is more after “investmentco.com” but before the / means that’s not where the link is going. It’s the last bit of the address before the / that determines where the link is actually going. This link actually goes to “wixsrt.com”.
Another quick and easy test is if the email is supposedly from a business/bank/organization you don’t deal with. Back a few months ago I received a rather professional looking email supposedly from an investment firm telling me about a problem with my account. But it’s a company I’ve never dealt with in my life so that was a mark in the fake column.
Third, if the email asks for personal or account information, put a mark in the fake column. For the most part, legitimate emails don’t ask for account or personal details. Most companies have realized this isn’t a good idea.
Another clue can be in the To: and From: addresses. If the address in the To: field isn’t your email address and/or the address in the From: field doesn’t fit the supposed sender of the email, like an email supposedly from Microsoft having firstname.lastname@example.org as the sender, it’s a mark in the fake tally. If the address in To: and From: are the same, it’s another mark under fake. On the flip side however, having your email address in To: and legitimate looking address in From: is not actually a point in the legit column.
General rule: If you think an email is legitimate, but you’re not certain, give the company in question a call or log onto your account on their website using an address or phone number you already have for them. Do not use any of the links or phone numbers from the email.