Some email scams are easy to spot. Other types of scams, like emails with forged or misleading sender addresses, can be harder to catch.
Such emails are often referred to as “spoofed.” Scammers “spoof” by trying to make you think the sender is someone you know and trust in an attempt to get you to send money, disclose personal information, download malware, and so on.
Spot the spoof
- Compare the address with the display name. Often the name will be familiar, but the actual address will not be.
- Look for a previous email you received from the sender and see if the address is the same.
- Check the spelling. Scammers often change a single letter in the name of the person they are impersonating.
- Compare the From and Reply-To addresses. Be suspicious if the From address is clearly a U-M address, but the Reply-To address is not.
- Check that email from someone at U-M is from a umich.edu address. Scammers often create free email accounts from Google or Yahoo with names similar to those of U-M officials.
Additional clues on Safe Computing
See “How to Spot a Spoof” for other clues about the sender you can examine. For example, you can review typical scam emails on Safe Computing to learn what sorts of requests (like requests for gift cards) are suspicious. You can also look at the full or original headers of the message for additional clues