Fraudulent emails are messages where criminals pretend to be someone you know or trust—like a coworker, company, or financial institution. While many fraudulent emails are easy to spot, some can be surprisingly convincing.
Read on to discover our top ten red flags for identifying email fraud and email scams.
TOPICS COVERED:
- Visual / Surface Cues (What You Notice)
- Context Clues (Does This Make Sense?)
- Interaction Risks (What It Wants You To Do)
- Big-Picture Gut Checks (Final Sanity Check)
- What To Do If You Receive A Suspicious Email
Visual / Surface Cues (What You Notice)
1.) Poor grammar and off-looking branding
Visual and grammatical errors can be difficult to spot at first, but the closer you look, the more apparent they become. Fraudsters spoof emails from well-known companies—some are easy to spot, but others look nearly identical to legitimate messages. Stay aware: while some emails are obviously fraudulent, others can be much harder to identify.
- Look for misspellings, awkward grammar and punctuation, and inconsistencies in branding.
2.) Generic Greetings
If someone doesn’t really know you or have you in their email database, they’ll often use a generic greeting that doesn’t include your name.
- Watch for greetings like “Dear Customer,” “Hello,” or “To Whom It May Concern,” which are common red flags of both spam and fraudulent emails.
3.) Incorrect Email Address
Fraudulent emails posing as a company or person you trust will try to replicate the real email address as closely as possible. For example, jackie@microsoft.com may appear as jackie@rnicrosoft.com… Do you see the difference? The “m” in Microsoft has been replaced with an “r” and an “n” placed together (“rn”). Fraudsters may also use characters from other alphabets, like Cyrillic, to create subtle differences.
- Test your ability to spot these in the examples below:
-
-
-
- norstrom.com vs. nordstrom.com (misspelling)
- amazon.com vs. aмazon.com (Cyrillic “m”)
- studio1.com vs. studioI.com (number 1 vs. capital I)
- Kellogg.com vs. Kellogg.org (different domain ending)
-
-
Context Clues (Does This Make Sense?)
4.) Unexpected Emails
If you’re not expecting communication from someone, do not click or respond until you verify. When criminals hack an email account, they can review past messages and gain insight into recent conversations and projects. This allows them to reference relevant details to build trust—before making unusual requests or claiming a sudden change.
5.) Urgent Messaging
Scammers often use urgent, demanding, or threatening language to create panic, frequently paired with artificial deadlines like “within 24 hours.” They may also impersonate coworkers or partners, asking you to process transfers quickly or update payment details.
- Watch for messages like: “Urgent: Your account will be closed in 24 hours,” “Your account has been hacked—click here to verify,” or “URGENT REQUEST: Provide bank details to receive your refund.”
Interaction Risks (What It Wants You To Do)
6.) Strange Attachments
Attachments such as .zip, .exe, .scr, and even common types like .pdf or .docm can carry malware designed to steal credentials or compromise your device. If you receive an unexpected attachment, always verify it through a trusted source before opening it.
7.) Requests for Sensitive Information
Never send sensitive information through email unless you’ve verified the request. When in doubt, contact the organization directly using a trusted phone number or official website.
8.) Suspicious Links
Like harmful attachments, suspicious links can install malware or redirect you to fake websites. Be especially cautious with shortened links (like bit.ly or tinyurl) that hide the full destination.
- Always hover over links with your mouse before clicking to preview the full URL—and make sure it matches where it claims to go.
Big-Picture Gut Checks (Final Sanity Check)
9.) Too-Good-To-Be-True Offers
Scammers often lure victims with promises of high returns, free money, or luxury items.
- Common examples include winning prizes you never entered for, surprise inheritances, or unusually steep discounts.
10.) Inconsistencies With Known Facts
If an email feels urgent and doesn’t match what you know to be true, take a step back. Scammers often mix partial truths with false information to create fear and push you into acting quickly.
What To Do If You Receive A Suspicious Email
- Do not click any links or open attachments
- Do not reply to the email
- Contact us directly by calling us at 1-877-968-7672
At Core Bank, we will never ask you to provide sensitive information like passwords or account numbers by email. While these are some common red flags, fraudsters are constantly evolving their tactics. When in doubt, always contact the organization directly using a trusted source. And lastly, remember: not all scams are easy to spot—and no one is immune to fraud.
Resources
Check out our Cybersecurity & Fraud Protection Webpage for more tips and information about how to stay safe.
