Is it a scam? Simple ways to check an email is legit
Share
We get asked almost daily by customers if an email they have received from Google or Meta is real. Almost all of them are scams. And these days, almost all of them look almost perfect - the design and layout has become super slick.
Here are some basic warning signs to watch for and things you can do.
1. Never click the link. Do not click the 'Fix it Now' button.
If there is an issue with your account you can find out by opening the account in your web browser and logging in as usual. If something is wrong there will be a prominent warning displayed.
If you are almost 100% sure the link is ok, hover over it and you will see where it will really take you... the domain name should be perfect, ie if the email is from Google it should be showing google.com
2. Keep your antivirus up to date and use a good one.
Ideally good spam protection will detect the issue and block the email from appearing in your inbox, sending it to your junk folder instead.
3. Hover over the 'from' address.
The senders email can be masked with an alias but the hidden email should show if you hover over it. This is NOT a 100% failsafe tactic but it will let you weed out 90% of scams at a glance.
You can also open your browser, put " " around the from address and google it. This will quickly show if other people are worried about similar emails and often identifies if it is a scam.
Meta and Google post lists of the legitimate emails they use and although these are not always up to date they are a good guide. As of today, Meta say that any emails from Instagram or Facebook about your account will only come from @mail.instagram.com, @facebookmail.com or @account.meta.com. They add that you may also receive official emails from @global.metamail.com and @metamail.com about non-account related things.
4. Beware of any email with a threatening warning
Don't trust messages threatening deletion or banning of your account. It may say your ads violate a policy or your account is suspended for suspicious activity or some other thing that makes you worried and impairs your judgement. Just breathe. If something has been genuinely suspended there are steps that can be taken to redeem that.
5. Emails should never ask you to
- Click to login
- Provide your PIN
- Provide your password
- Provide a bank account
- Provide common security info like your birthday, mothers maiden name, first pet
6. Do not open attachments.
These can be executable files meaning that they can take action on your computer or phone. And you will not like what they do.
7. Do not reply.
Many emails contain trackers that will note this action and flag you as worth more attention or even put you on more scam lists.
8. In general, be careful about links and websites.
Consider what links you click on, especially in emails and on websites, and avoid any websites that might be spammy - often gambling, po**, or anything with pop ups everywhere.
9. Where possible, limit what you share online.
Not easy as a business owner in this day and age where global companies require your drivers licence to run ads, or use facial recognition to ID you.
10. If all this checks out and it still doesn't feel right...
Open your browser and go directly to the company's website and email them and ask.
We've got some seriously exciting emails recently about massive marketing projects from global companies where the 'from' email was almost perfect (but slightly off) and every other detail was totally convincing. Yep, spam! Our international work continues to come from real-world connections, and to be honest we love it that way.
Thanks Hannes Johnson for the cover image.