Summary
Scam emails pointing to non-existent websites exhibit various telltale signs. Firstly, the claim of errors on a nonexistent website is a major red flag. Additionally, these emails often display poor grammar, spelling errors, and a sense of urgency. They typically request personal information and may promise unrealistic rewards. Key indicators include unusual sender addresses, inconsistent domain names, and the absence of a resolving domain. Examining email headers, domain registration dates (via WHOIS), and website history (using tools like the Wayback Machine) can reveal further inconsistencies. Generic greetings instead of personalized addressing are common. While checking for HTTPS and padlock symbols is advisable, some phishing sites now use SSL to appear legitimate. Moreover, links may redirect to fake websites using URL obfuscation, and spear phishing tactics might leverage information from social media. Always inspect URLs for misspellings or different domain extensions.
Key findings
- Non-Existent Website Claim: Scam emails often claim to find errors on websites that do not exist, which is a significant red flag.
- Poor Quality & Urgency: Poor grammar, spelling errors, and a sense of urgency are common characteristics.
- Personal Information Requests: Requests for personal information, especially if unsolicited, are a major warning sign.
- Suspicious Sender Details: Unusual sender addresses, inconsistent domain names, and non-resolving domains are indicators of a scam.
- Misleading Links: Links may redirect to fake websites using URL obfuscation techniques. Also misspelled URLs or different domain extensions.
- Generic Greetings: Scam emails often use generic greetings rather than personalized addressing.
- Misleading Security Signals: While HTTPS and padlock symbols are typically security indicators, some phishing sites now use SSL.
Key considerations
- Verify Website Existence: Always verify the existence and legitimacy of any website mentioned in the email.
- Exercise Caution with Information: Avoid providing personal information through unsolicited emails. A general lack of trust should be adopted for unsolicited communications.
- Inspect Links Carefully: Carefully inspect URLs for misspellings or deviations from the expected format.
- Examine Email Headers: Examine email headers for inconsistencies.
- Check Domain Details: Check domain registration dates using WHOIS.
- Confirm Security Measures: While checking for HTTPS/SSL is helpful, be aware that it is not foolproof. Always ensure it matches the domain.
- Consult External Resources: Use the Wayback Machine to check a website's historical record or search Google for the website in question.
- Question and Verify: Always trust your instincts. If something seems off or too good to be true, investigate further before taking any action.
What email marketers say
9 marketer opinions
Scam emails pointing to non-existent websites exhibit several common signs. These include poor grammar and spelling, a sense of urgency, requests for personal information, and promises that seem too good to be true. Checking the sender's email address for inconsistencies, unusual domain names, and doing a WHOIS lookup to check the domain registration date can also be helpful. Be wary of unsolicited emails asking for money or sensitive information and unusual senders. Furthermore, look for generic greetings as genuine companies will address you by name. Also, check that the domain actually resolves and isn't just a random string, and verify the website's history using the Wayback Machine. Fake websites often mimic real ones, so carefully examine the URL, contact information, and overall content for discrepancies. Even though checking for HTTPS is useful, some phishing websites now also use SSL to appear legitimate.
Key opinions
- Poor Grammar/Spelling: Scam emails often contain poor grammar, spelling errors, and a sense of urgency.
- Suspicious Sender: Be cautious of emails from unusual senders or those using inconsistent/unusual domain names. Also check the domain resolves.
- Too Good To Be True: Emails promising something that seems too good to be true are likely scams.
- Requests for Info: Be wary of emails requesting sensitive information, especially if unsolicited or unexpected.
- Generic Greetings: Scam emails often use generic greetings instead of your name.
- Domain Age/History: Check the domain registration date using WHOIS and the website history using the Wayback Machine.
- Website Inconsistencies: Carefully examine the website URL, contact information, and content for discrepancies.
Key considerations
- Verify Sender: Always verify the sender's identity and legitimacy before taking any action.
- Evaluate Urgency: Be wary of emails that create a sense of urgency, pressuring you to act quickly.
- Secure Connection: While checking for HTTPS is a good start, be aware that some phishing sites also use SSL. So continue to be vigilant.
- Cross-Reference: Cross-reference information in the email with other sources to confirm its validity.
- Trust Your Gut: If something feels off or too good to be true, trust your instincts and investigate further.
Marketer view
Email marketer from Reddit shares that checking the sender's email address for inconsistencies or unusual domain names is a key indicator of a scam email. They further advised checking the email headers.
9 Feb 2024 - Reddit
Marketer view
Email marketer from ScamBusters.org explains that scam emails often contain poor grammar, spelling errors, and a sense of urgency, and may request personal information.
1 Nov 2021 - ScamBusters.org
What the experts say
3 expert opinions
Scam emails often point to non-existent websites or contain inconsistencies that reveal their malicious intent. A primary red flag is when the email claims to have found errors on a website that doesn't even exist. Further signs include generic greetings, requests for personal information, misspelled URLs, or the use of domain extensions different from the legitimate website.
Key opinions
- Non-Existent Website: The email references a website that does not exist, potentially exposing errors that are impossible.
- Generic Greetings: The email utilizes generic greetings rather than personalized addressing, indicating mass distribution.
- Personal Information Requests: The email attempts to solicit personal information, which is a common tactic in phishing schemes.
- URL Manipulation: The email contains URLs that are either misspelled or utilize a different domain extension than the legitimate website they are impersonating.
Key considerations
- Website Verification: Always verify the existence and legitimacy of the website referenced in the email.
- Personal Information Security: Avoid providing personal information through unsolicited emails, and be wary of emails with generic salutations.
- URL Inspection: Carefully inspect URLs for misspellings or domain extensions that deviate from the expected format. It is also worth resolving the website to make sure something is actually there.
- Trust Your Instincts: If an email feels suspicious, err on the side of caution and investigate further before taking any action.
Expert view
Expert from Email Geeks explains that the email is a scam because the website they claim to have found errors in does not exist. They also send mail telling her that a non-existent website's Google ranking is bad.
24 Jun 2021 - Email Geeks
Expert view
Expert from SpamResource.com explains that phishing emails often contain generic greetings and a request for personal information, which is a red flag.
17 Jan 2024 - SpamResource.com
What the documentation says
5 technical articles
Phishing emails, often associated with scam attempts and non-existent websites, exhibit several characteristics outlined in documentation. They frequently attempt to trick recipients into divulging sensitive information like passwords, social security numbers, or bank account details and may contain unusual attachments. Scammers often employ threats or urgency to pressure quick action, while also leveraging techniques like poor spelling, grammar, and suspicious links. While URLs may appear legitimate, they can redirect to fake websites designed for credential theft or malware installation, employing URL obfuscation. Modern phishing might use information gleaned from social media to personalize the attack (spear phishing). Though HTTPS and padlock symbols are often cited as security indicators, it's essential to recognize that some phishing sites now use SSL to appear more legitimate.
Key findings
- Information Solicitation: Phishing emails often attempt to trick recipients into sharing sensitive data.
- Pressure Tactics: Threats and a sense of urgency are commonly used to pressure recipients into acting quickly.
- Suspicious Elements: Poor spelling, grammar, and suspicious links are indicators of phishing attempts.
- URL Redirection: Links may appear legitimate but redirect to fake websites using URL obfuscation techniques.
- Personalized Attacks: Spear phishing uses information gathered from social media to create more convincing scams.
- Misleading Security Indicators: HTTPS and padlock symbols can be misleading, as some phishing sites now use SSL.
Key considerations
- Verify Authenticity: Always verify the authenticity of any email requesting personal information before providing it.
- Resist Pressure: Avoid acting hastily in response to emails that create a sense of urgency or use threats.
- Examine Links Carefully: Thoroughly examine links for suspicious patterns or URL obfuscation before clicking.
- Protect Social Media: Be mindful of the information shared on social media to reduce the risk of spear phishing attacks.
- Go Direct: Instead of clicking the link in the email, go directly to the website in question via a search engine to ensure legitimacy.
Technical article
Documentation from NIST.gov explains to check the URL for HTTPS and a padlock symbol to ensure the website is secure, but also notes that some phishing sites have started using SSL to seem more legitimate.
9 Aug 2021 - NIST.gov
Technical article
Documentation from DigitalGuardian.com explains that in spear phishing emails, the email might use information that the attacker has gathered about you from social media or other sources to appear more legitimate.
20 May 2025 - DigitalGuardian.com
Are people still falling for email scams?
Can a competitor damage my domain reputation by sending spam with links to my site?
Can a competitor damage my domain reputation by sending spam with my URL?
How are bad actors using Google Forms to send spam?
How can email senders and users prevent and identify phishing emails?
Why are emails being marked as junk or phishing in Outlook 365?
