Common Security & Spam Indicators

Warning Signs to Watch For

1. Unexpected Requests

   • Urgent password/payment requests
   • "Account verification" messages you didn't initiate
   • Requests for sensitive personal information

2. Suspicious Sender Details

   • Slightly misspelled domains (e.g., "paypa1.com")
   • Free email services for business communications
   • Mismatched display name and email address

3. Content Red Flags

   • Poor grammar/spelling mistakes
   • Generic greetings ("Dear Customer")
   • Threats of account closure

4. Attachment/Link Dangers

   • Unexpected files (especially .exe, .zip, .js)
   • Links to IP addresses instead of domains
   • Hover shows different URL than displayed

Fake Sender Alerts

How to Spot Fake Senders

1. Address Mismatches

   • "From" vs "Reply-To" don't match
   • Display name doesn't match email domain
   • Example: Shows "From: Amazon support@amaz0n.com"

2. Domain Tricks

   • Slight misspellings (e.g., "micr0soft.com")
   • Extra characters ("apple-support.com" vs "apple.com")
   • Free email services for business communications

3. Header Inconsistencies

   • Different domains in "Return-Path" vs "From"
   • Unverified sender authentication (no SPF/DKIM)

Protection Tips

• Always check the full email address, not just display name
• Hover over links to see real destinations
• Look for verified sender badges in your email client

💡 Example Scam:

• Shows: "From: PayPal Security security@paypal.com"
• Actually: Replies go to "phish123@gmail.com"

🔒 Safety Check: When in doubt, contact the company directly through their official website.

Technical Warning Signs

1. Authentication Failures

• Missing SPF/DKIM/DMARC records
• "Authentication-Results: fail" in headers
• No verified sender badge in your email client

2. Routing Anomalies

• Multiple hops through unrelated countries
• Unusual delays between server handoffs
• Suspicious IP addresses in Received headers

3. Header Inconsistencies

• Future/past dates in timestamps
• Missing or duplicate Message-ID
• Multiple Received headers from same server

4. Content Issues

• Mismatched content-type declarations
• Unusual character encoding
• Hidden tracking pixels

🔍 How to Check:

• View email headers in your email client
• Look for "Received:" and "Authentication-Results:" lines
• Verify timestamps make sense

⚠️ Example Scam Sign: Email claims to be from US company but headers show routing through Russia and China

Common Spammer Tools

1. Mass Email Software Indicators

• PHPMailer signatures in headers
• SendGrid/Mailgun without proper authentication
• PHP script references in technical details
• Bulky headers with multiple X-headers

2. Spam Framework Signs

• Open-source mailers like SwiftMailer
• Botnet signatures in headers
• Cloud hosting IPs for bulk sending
• Missing standard headers like Message-ID

3. Attachment Red Flags

• Executable files (.exe, .js, .bat)
• Password-protected archives
• Double extensions (e.g., "invoice.pdf.exe")
• Macros in Office documents

🔍 How to Check:

• View full email headers
• Look for X-Mailer or X-PHP-Script lines
• Verify attachments before opening

⚠️ Example Scam Tools:

• "X-Mailer: PHPMailer 5.2.26" (common in phishing)
• "X-PHP-Script: www.scamsite.com/send.php"

🔒 Protection Tips:

• Never enable macros in unexpected documents
• Scan all attachments with antivirus
• Verify sender identity before downloading

Other Danger Signs

• No proper unsubscribe mechanism
• Strange formatting/character sets
• Requests to disable security features
• "Too good to be true" offers

🔒 Safety Tip: When in doubt, contact the organization directly through their official website or phone number - never use contact details from a suspicious email.