Today, email is a ubiquitous tool used for everything from communication to managing any part of your life: travel, work, shopping and more.

Its convenience and usefulness are undeniable, but unfortunately, so are the associated risks. Among the most annoying and common online threats are scam and phishing emails. These deceptive emails have become a sophisticated form of digital fraud that can have quite negative consequences for those who fall into the trap.

Start by understanding what exactly scam emails and phishing are. These terms are often used interchangeably, but they have specific nuances that are important to understand.

Scam emails are fraudulent messages designed to trick you into divulging sensitive personal or financial information. Phishing, on the other hand, is a more specific form of scam that involves identity theft. Scammers impersonate trusted entities, such as banks, companies, or government institutions, to obtain your private information.

“Some of the most used tactics of this type of fraud are ‘deceptive phishing’, in which cybercriminals impersonate a company, government services or associations to deceive victims. They usually contain a call to action: usually it is something that makes the target react, either out of fear or a certain sense of urgency,” Aurora García, senior intelligence analyst at Entelgy Innotec Security, explains in an interview for Computer Hoy.

The deception in your inbox: how to identify emails that want you to fall into the trap

1. Analyze the sender

The first step in identifying one of these emails is to check who sent it. Cybercriminals often use fake or misleading email addresses that pose as legitimate companies. Pay attention to the following aspects:

Email Address: Examine the sender address. If it looks strange or contains spelling errors, that’s a red flag. For example, “service@paypal-security.com” could be fake, since PayPal generally uses “service@paypal.com.”

Sender Name: Sometimes the sender name may seem legitimate, but if the email comes from a company you weren’t expecting, be cautious.

“The first thing we have to evaluate is the ‘surprise’, that is, it is an email whose content surprises us, which is a sign that we have to refine our attention. Subsequently, we have to make sure that the email belongs to the sender and it is not a false impersonation. If we are not sure, it is best to contact the company that sent the email or its customer service on its website,” adds the expert.

2. Check the URL of the links

Phishing emails often contain links that direct you to fake websites. Before clicking on a link, hover over it—without clicking—and look at the URL displayed at the bottom of your email window. Here are some guidelines:

Typos or subtle changes: Scammers often use URLs similar to the real thing, but with minor differences. For example, “www.bancosantader.com” could be spoofed as “www.BancoSantader.com.”

Secure Protocol (https): Make sure the URL starts with “https://” instead of “http://”. The “s” indicates that the connection is encrypted, although on its own it does not prove that the site is legitimate.

Correct top-level domain: Verify that the top-level domain (for example, “.com” or “.org”) is the correct one for the company or service it supposedly belongs to.
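The sender check from step 1 and the link checks from step 2 can be applied mechanically to a message. The following Python is an added example, not part of the original article: the trusted-domain list, the sample message and the “account-check.example” host are constructed for illustration, and the two-label domain rule is a simplifying assumption.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = {"paypal.com"}  # assumption: domains the reader really deals with

def base_domain(host):
    # Simplification: keep the last two labels (real tools use the Public Suffix List).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def judge_domain(host, trusted=TRUSTED):
    """Return None if host belongs to a trusted domain, else a reason string."""
    base = base_domain(host)
    if base in trusted:
        return None
    for good in trusted:
        brand = good.split(".")[0]
        if brand in host.lower():
            return f"{host}: uses the name '{brand}' but is not {good}"
        if SequenceMatcher(None, base, good).ratio() >= 0.85:
            return f"{host}: looks like a misspelling of {good}"
    return f"{host}: not a known domain"

def check_message(raw, trusted=TRUSTED):
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    reason = judge_domain(addr.rpartition("@")[2], trusted)
    if reason:
        findings.append("sender " + reason)
    # Assumption: a single-part message, so the payload is one string.
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        parts = urlsplit(url)
        if not parts.hostname: continue  # relative link, nothing to judge
        if parts.scheme != "https":
            findings.append(f"link {url}: not https")
        reason = judge_domain(parts.hostname, trusted)
        if reason:
            findings.append("link " + reason)
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: PayPal Service <service@paypal-security.com>
Subject: Your account will be locked within 24 hours

<a href="http://paypal.com.account-check.example/login">Verify your account</a>
"""
```

Calling check_message(SAMPLE) returns three findings: the lookalike sender domain, the unencrypted link, and the link host that only borrows the brand name as a subdomain.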

3. Examine the content of the email

Scammers try to create emails that look authentic. Here are some signs to pay attention to in the content:

Request for personal information: Be wary of emails that ask for personal information, such as passwords, credit card numbers, or social security numbers. Legitimate companies rarely ask for this via email.

Grammar and spelling errors: Phishing emails often contain grammatical or spelling errors. If you find a lot of them in the mail, it’s a red flag.

Threats or excessive urgency: Scammers often pressure you to act immediately, such as “Your account will be locked within 24 hours if you don’t click this link.” Take your time and verify authenticity.

“If we consider the email good, but it is an atypical communication, we will always seek more information before taking any action on it. If you are at work, contact your immediate boss or investigate whether the origin is safe. The performance is the same whether the email is addressed to one person or a group of them,” says Aurora García.

4. Check the authenticity of the company

If you have concerns about the legitimacy of an email, take additional steps:

Don’t click on links or download attachments: Instead of clicking on a link in the email, visit the official website of the company or service using your browser. There you can verify the information.

Contact the company directly: If you have questions about an email, find the company’s official contact number on their website or a trusted source and call them to verify the authenticity of the message.

5. Use security tools

To strengthen your defense against scam and phishing emails, keep the following tools and good practices in mind:

Antivirus and antimalware software: Install a reliable security program that can detect and block malicious emails.

Spam Filters: Set your email to automatically filter suspicious emails to the spam folder.

Two-factor authentication (2FA): Enable two-factor authentication whenever possible, as it provides an additional layer of security.

Keep your software up to date: Make sure your operating system, browser, and security programs are always up to date with the latest versions and security patches.

As you can see, prevention is key when it comes to these types of common scams. By following these guidelines and being alert, you will at least reduce the risk of falling into an online trap. Remember that security is vital, and taking measures to protect yourself and your information is essential today. Don’t let them catch you out this way.

“Traditional dissemination has helped us a lot, but the results show that it is not enough, so we have to see how to reach more of the population and make them aware that although the Internet is a great place to learn, be entertained or get to know people, like any place in the world, it has its risks, which must be known and avoided,” adds the expert.

“As happened in the past with road safety education, new strategies are needed to disseminate to a larger number of the population the urgency and importance of maintaining necessary caution on the Internet and treating their personal data with greater care. TV programs, radio, Twitch and other media that contribute to spreading this message are needed,” she concludes.