Technology Blog

Technology Blog

facebook google plus google plus twitter

Anatomy of an Email Scam

Steve Morrin, Feb 07, 2017

 You Have Mail !

Take a look at the email scam below sent to one of my clients recently. At first glance, it appears to be a legitimate warning from the email system that the mailbox storage is almost full. However, like the majority of similar scam emails, it includes several tell-tale signs that it is fake.

Screenshot of an email scam

Sample Scam Email

Email Scam giveaways:

Sender Address

Look at the sender address. If this was legitimate, it would come from your company’s email server so, for me, this would be But, in this case, it comes from – not only is this just a generic “domain”, it isn’t even spelled correctly.


Notice the greeting is to “Dear” and then your email address. This is because the scammer doesn’t know your name or anything else other than your email address. When the greeting is like this or a generic greeting like “Dear user”, alarm bells should always start ringing.

Take Action

The objective of the email scam is usually to trick you into clicking on a link to carry out their dastardly plan so something like “CLICK HERE TO VERIFY” is always included. Never click this but if you hover the mouse pointer over the text of a link like this, it will show the underlying URL or web address it is going to take you to. Again, you would expect this to be something related to your business domain name or one of the big email service providers like Microsoft or Google but not some random domain as is the case here. Of course, if you think about it, why would you need to verify that your mailbox is nearly full anyway?! Scammers are hoping they will spur you into action by fear and a sense of urgency – you must click here now!

The underlying URL from a link in an email scam

Underlying Web Address

In fact, all of the links in the email try to take you to unsavory places – hovering over them is the way to see the real underlying web address regardless of what the text actually says.

Anyone can copy text

Finally, the text at the bottom in the email scam has usually been copied from a legitimate email or website to make it look authentic but you cannot rely on this authenticity. In this case, they have chosen to mimic Google so unless you happen to use Google as your email provider, this is another clue that this is an email scam. When in doubt, do not click on any links or following any instructions from an email like this. Lookout for the tell-tale signs and, if necessary, contact your IT administrator. If you think it might be legitimate and is asking you to login to an account such as PayPal or Apple or Dropbox, don’t click on the link included. Instead, open your browser and type in the address of the site directly and login to your account from there. That way, you can be sure you are logging into the real site and not making the scammers day.

Copyright © 2024 Sorrin IT. Web Design Dublin by Juvo.