How to Identify a Fraudulent Email

April 29, 2021
How to Identify a Fraudulent Email

It’s becoming easier for hackers to create fraudulent emails by imitating colleagues, partners, suppliers, and institutions that have earned your trust. Regardless of your employees’ loyalty or the spam and phishing filters installed on your email server, your business is at risk of being a victim of fraud. To prevent it, let’s discuss the characteristics that make up a fraudulent message and the elements that should raise suspicions for you and your employees:

  • An email address with omitted letters or the use of a public server – In principle, hackers will try to create an email address as similar as possible to the one they are attempting to imitate. To achieve it, they omit letters that are easy to ignore at a quick glance or modify a company name in a credible way. For example, instead of the organizational email they could use or Also, don’t trust emails bearing addresses from public servers like or Other emails you shouldn’t trust are those that, despite showing a reasonable screen name, have a strange address, such as
  • Writing mistakes – Misspelled words, poorly structured sentences, double spaces between words, informal language, and grammatical errors are strong indicators that something is wrong. Also, pay attention to incorrect or expired dates. Reputable institutions have professional copywriters overseeing the quality of official communications.
  • Messages demanding urgent and confidential action – Attempting to collect your information or obtain funds in an illegitimate manner, hackers will present an urgent and confidential request, insisting on its importance, so you don’t have time to question the legitimacy of the request until it’s too late. For example, your employee might receive a message from an alleged coworker urgently asking for help with a late payment to a supplier. Also, he urges the recipient to keep the information confidential so his job won’t be in jeopardy and assures the recipient that if he accepts, he will owe him a great favor.
  • A sudden request that falls outside established procedures – The most common suspicious requests include asking you to confirm your user information by clicking on a link, requesting an “update” to the details of a payment made to a beneficiary by using the information they now provide, supplying new contact information that is different from the one previously verified, and insisting that from now on you only use that new information to contact them. They may even claim to be your bank and ask that you provide your personal identification number (PIN) or other sensitive information.

Other details to watch out for:

— The email’s subject line (used to indicate the purpose of the communication) is empty or has a generic message

— Low-quality images

— Attached links whose URL begins with “http” instead of “https

— Pages that accept false user data

Here’s an example so you can better visualize what we mean:


How to Identify a Fraudulent Email

Remember that a hacker could pretend to be a top executive, a coworker, a partner, a supplier, a banking representative, or even an attorney. To protect your business against these scams, be sure to educate your employees on the different manifestations of fraud, how to detect it, and what to do when a threat is identified. Your employees are your business’s first line of defense and being aware of the dangers is the first step towards protecting your company.

Visit our Security Center for more content related to commercial fraud. Also, our Business Education Center has the following articles available to you:

  1. Checklist to prevent fraud in your business
  2. Protect your business from malware and phishing
  3. Best practices to avoid fraud
  4. Avoid fraud on your debit and credit card
  5. Prevent fraud from ruining your business

This article is informative and does not represent any endorsement or guarantee of certainty. Popular Inc. nor any of its affiliates, subsidiaries or related are or will be liable for any special damages, direct or indirect, as a result of the information contained in this article. In case you require any type of advice you should always request it from a competent professional of your preference.