What are the signs of a scam email pointing to non-existent website?
Michael Ko
Co-founder & CEO, Suped
Published 26 Jun 2025
Updated 17 Aug 2025
Scam emails have evolved far beyond the obvious "Nigerian Prince" schemes. Today, attackers craft sophisticated messages designed to trick even the most vigilant recipients. One common tactic involves directing you to a website that looks legitimate, but is either a fake replica or, in some cases, a completely non-existent domain. These emails are often designed to steal your credentials, deploy malware, or extract personal information under false pretenses.
Understanding the subtle and not-so-subtle cues within these emails and their linked destinations is crucial for protecting yourself and your organization. I’ll share how to recognize these deceptive messages, especially when they lure you to a non-existent online presence, and provide actionable tips to avoid falling victim to such elaborate phishing (or spear phishing) attempts.
Unmasking the sender: the email address as a clue
A primary indicator of a scam email is often found in the sender’s email address itself. While the displayed "From" name might appear familiar, a quick check of the actual email address often reveals discrepancies. Scammers frequently use domains that are slight misspellings of legitimate companies, or they might use generic email services to send their malicious messages. For instance, an email claiming to be from a well-known bank might come from "bank-support@gmail.com" instead of the official domain.
It is common for bad actors to forge email addresses, making it appear as though the email originated from a trusted source, even your own domain. This practice, known as spoofing, bypasses simple sender name checks. Always inspect the full email address, not just the display name, to verify its authenticity. If the domain seems off, even by a single character, it is a significant warning sign that the email is a phishing attempt. You can learn more about how to identify suspicious email domains and spamtrap networks.
Legitimate organizations will almost always send emails from their official, recognizable domains. If you receive an email from a company you interact with and the sending domain looks unfamiliar or generically hosted, treat it with extreme caution. This mismatch is a strong signal that you are dealing with a fraudulent message designed to lure you to a bogus site.
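The sender checks described in this section, written out in Python as an added example (not code from the original article). The brand `yourbank`, its domain `yourbank.com`, the free-mail list and the 0.85 similarity threshold are assumptions chosen for illustration. Because a forged message can carry the exact official domain, a match is only accepted when the receiving server recorded `dmarc=pass`.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical): the brand's real sending domain and a short free-mail list.
OFFICIAL = {"yourbank": "yourbank.com"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
LOOKALIKE_RATIO = 0.85  # assumed threshold for "off by a character or two"

def sender_flags(raw_message):
    """Return the red flags found in the From header of a raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    local, _, domain = address.lower().rpartition("@")
    # Only trust an Authentication-Results header added by your own receiving server.
    auth = msg.get("Authentication-Results", "").lower()
    flags = []
    for brand, real in OFFICIAL.items():
        claimed = brand in display.lower().replace(" ", "") or brand in local
        if domain == real or domain.endswith("." + real):
            # The visible address can be forged, so require the DMARC verdict.
            if "dmarc=pass" not in auth:
                flags.append("official-domain-without-dmarc-pass")
        elif SequenceMatcher(None, domain, real).ratio() >= LOOKALIKE_RATIO:
            flags.append("lookalike-domain")
        elif claimed and domain in FREE_MAIL:
            flags.append("brand-on-free-mail")
        elif claimed:
            flags.append("brand-on-unrelated-domain")
    return flags

# Constructed sample messages, not taken from real mail.
FREE_MAIL_MSG = "From: YourBank Support <bank-support@gmail.com>\nSubject: Action required\n\nbody"
LOOKALIKE_MSG = "From: YourBank <alerts@yourbamk.com>\nSubject: Verify\n\nbody"
SPOOFED_MSG = ("From: YourBank <alerts@yourbank.com>\n"
               "Authentication-Results: mx.example.net; dmarc=fail header.from=yourbank.com\n\nbody")
GENUINE_MSG = SPOOFED_MSG.replace("dmarc=fail", "dmarc=pass")
```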
Red flags in email content and design
Beyond the sender’s address, the content of the email itself often holds numerous red flags. Poor grammar, awkward phrasing, and spelling errors are classic indicators of scam emails. While not always present in highly sophisticated attacks, these linguistic mistakes often betray a lack of professionalism or suggest the message was not written by a native English speaker.
Another common sign is a generic greeting, such as "Dear Customer" or "Valued User," rather than using your specific name. Legitimate companies typically personalize their communications. Additionally, scam emails often carry an urgent tone, demanding immediate action to avoid severe consequences like account suspension, data loss, or legal trouble. This urgency is designed to create panic and bypass your critical thinking. You can also refer to this guide on how to spot a phishing email.
The design and formatting of the email can also be telling. While scammers sometimes create convincing replicas of legitimate branding, inconsistencies in fonts, logos, colors, or overall layout should raise suspicion. If the email looks slightly off, or if images appear pixelated, it might be an attempt to mimic a genuine brand without the precision of a professional marketing or customer service team. Pay attention to any oddities.
Unprofessional language: Look for spelling errors, grammatical mistakes, or awkward phrasing. These are common signs of phishing attempts.
Generic greetings: Be suspicious of emails addressed to "Dear Customer" or "Valued User" instead of your actual name.
Sense of urgency: Emails demanding immediate action or threatening negative consequences are often scams.
Unusual requests: Beware of requests for sensitive information (passwords, credit card numbers) directly via email or linked forms.
The deceptive link: website URL scrutiny
Perhaps the most critical sign of a scam email pointing to a non-existent or fraudulent website lies in the link itself. Before clicking any link in a suspicious email, always hover your mouse pointer over it (without clicking!) to reveal the actual destination URL. This step is indispensable. The displayed text of the link might show "yourbank.com," but the hidden URL could be something entirely different and malicious.
Legitimate links will typically match the domain of the company sending the email. For example, if the email is from Apple, the link should lead to `apple.com` or a valid subdomain like `support.apple.com`. Scammers often use URLs that include the legitimate brand name but add extra words, misspellings, or entirely different top-level domains. For instance, `apple-support-update.co`, `appl3.com`, or `apple.login.co` are all red flags. A non-existent website might be indicated by a domain that is clearly garbled or unrelated.
Another crucial detail is the presence of HTTPS. Secure websites (those that encrypt your connection) will have "https://" at the beginning of their URL and a padlock icon in your browser’s address bar. While some scam sites now use HTTPS, its absence is a definite warning sign. If a supposed login page or payment portal doesn’t show HTTPS, it’s a strong indicator of a fake site. This is a vital part of protecting yourself from phishing attempts, as highlighted by Microsoft’s security guidance.
Be wary of URLs that seem overly complex or contain multiple subdomains that don’t make sense. For example, `secure.login.yourbank.com` might be legitimate, but `yourbank.com.secure-login.ru` is clearly suspicious because `secure-login.ru` is the actual domain, not `yourbank.com`. Always focus on the root domain. The host name is the part between `https://` and the first single forward slash, and the root domain is the rightmost part of that host name, so read it from right to left (e.g., in `https://example.com/login`, `example.com` is the root domain).
Legitimate link characteristics
Domain match: The displayed link text matches the actual domain in the URL preview.
HTTPS presence: The URL begins with `https://` and shows a padlock icon.
Simple structure: The URL structure is logical and directly relates to the sender.
Known subdomains: Uses recognizable subdomains, e.g., `support.company.com`.
Suspicious link characteristics
Mismatched domain: The actual URL revealed on hover does not match the sender’s true domain.
Misspellings: Contains typos or subtle alterations of the legitimate domain (e.g., `gooogle.com`).
Unusual TLDs: Uses strange top-level domains (TLDs) like `.ru`, `.xyz`, or `.cc`.
Non-existent domains: Points to a domain that does not resolve or has no active website.
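The link checks above can be automated over an HTML email body. The following Python is an added example, not code from the original article: it reads each host name from the right to find the root domain, then compares it with the sender's root domain and with any domain shown as the link text. The short suffix set stands in for the full Public Suffix List and, like the sample body, is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}  # assumed stand-in for the Public Suffix List
DOMAIN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(?:/\S*)?")

def root_domain(host):
    """Root (registrable) domain: the rightmost labels of the host name."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html, sender_root):
    """Return [(href, reasons)] for web links showing the red flags listed above."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https") or not url.hostname:
            continue  # mailto:, tel: and fragment links are out of scope here
        actual = root_domain(url.hostname)
        shown = DOMAIN_TEXT.fullmatch(text.lower())
        checks = {"no-https": url.scheme == "http",
                  "root-domain-mismatch": actual != sender_root,
                  "text-href-mismatch": bool(shown) and root_domain(shown.group(1)) != actual}
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body, not taken from a real message.
SAMPLE_HTML = ('<p>Dear Customer, <a href="https://secure.login.yourbank.com/">Sign in</a> or '
               '<a href="http://yourbank.com.secure-login.ru/verify">yourbank.com</a></p>')
```

Calling `audit_links(SAMPLE_HTML, "yourbank.com")` reports only the second link, with all three reasons.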
Beyond the email: website characteristics
Even if you accidentally click a suspicious link, there are signs on the landing page itself that can indicate a scam or a non-existent website. A truly non-existent website might result in a "404 Not Found" error or a generic "This site cannot be reached" message. However, more cunning scammers might redirect you to a page that looks plausible but lacks essential elements. Look for an overall lack of professionalism, including poor design, low-resolution images, and inconsistent branding.
Crucially, check for legitimate contact information. Scam websites often have weak or non-existent customer support, lacking a physical address, phone number, or a functional support email. Be wary if the only way to contact them is a generic web form or an obscure email address. Additionally, be suspicious of "too good to be true" offers, unusually low prices, or strange payment methods like gift cards or cryptocurrency, especially for standard purchases or services. IdentityGuard.com offers additional insights into how to tell if a website is fake.
| Warning Sign | Description |
| --- | --- |
| No contact info | Absence of a physical address, phone number, or functional customer support email. |
| Poor design | Low-quality graphics, inconsistent branding, or outdated layout. |
| Too good offers | Unrealistic deals or prices that seem significantly lower than market value. |
| Unusual payment methods | Demanding payment via gift cards, wire transfers, or cryptocurrency for common transactions. |
| Broken functionality | Links that lead nowhere, non-functional forms, or a general lack of responsiveness. |
| Domain age | Newly registered domains, especially for established brands or services. |
Views from the trenches
Best practices
Always hover over links to reveal the true URL before clicking to avoid deceptive redirects.
Verify sender email addresses meticulously, not just the displayed name, looking for misspellings or generic domains.
Look for poor grammar, misspellings, and unprofessional formatting in the email body, which are common scam indicators.
Be wary of urgent calls to action or requests for sensitive personal information, as these are typical phishing tactics.
Common pitfalls
Trusting the sender's display name without checking the actual email address is a common mistake that scammers exploit.
Clicking links impulsively due to a sense of urgency or curiosity often leads to fraudulent websites.
Overlooking subtle typos in domain names or email addresses can result in falling victim to sophisticated phishing.
Assuming all websites with HTTPS are legitimate and safe overlooks the fact that some scam sites also use encryption.
Expert tips
Implement DMARC policies to prevent your domain from being spoofed by scammers and enhance email security.
Educate your team on phishing indicators through regular training and simulated attacks to build their awareness.
Use a dedicated email deliverability testing tool to verify links and authentication, ensuring email legitimacy.
Monitor your domain for any unusual activity or listing on email blocklists (or blacklists) to maintain reputation.
Marketer view
Marketer from Email Geeks says that many scam emails refer to websites that do not even exist, which is a key indicator of their fraudulent nature.
2024-07-12 - Email Geeks
Marketer view
Marketer from Email Geeks notes that scammers sometimes make illogical claims, such as poor search engine rankings for a website that does not exist.
2024-07-13 - Email Geeks
Stay vigilant: protecting yourself from email scams
Identifying scam emails, particularly those that point to non-existent websites, requires a keen eye and a skeptical mindset. I’ve outlined several critical signs, from scrutinizing the sender’s email address and the email’s content for tell-tale errors to meticulously examining the linked URLs and the characteristics of the destination website. The digital landscape is constantly evolving, and so are the tactics of those who seek to exploit unsuspecting individuals.
By staying informed about these red flags and adopting a proactive approach to email security, you can significantly reduce your vulnerability. Always remember that legitimate organizations will rarely ask for sensitive information via email, nor will they threaten immediate account closure without prior warning. Your vigilance is your first and best line of defense against these pervasive threats.