Analysis of a scam email

Print Friendly, PDF & Email

If no one ever opened a scam/spam email, the spammers would stop sending them. If you have checked your spam folder lately, you know that the flow of spam doesn’t seem to have slowed down much. One reason I like Gmail is that their excellent spam filters keep that garbage out of my inbox. But what if one slips through? How do you identify an email as a scam?

email scam


Let’s take a look at one of these that showed up in my email recently.

Gmail correctly sent it directly to the Spam folder, but I pulled it out of there just for the purpose of this blog post. Four things on this email jump out to me right away.

email scam


First, it does not state clearly who is sending the email. It just says that it’s being sent from “” on behalf “Payments Dept”. This is just an email sending service, not a person. That doesn’t necessarily mean it’s a scam, since many legitimate online businesses use an email service. I use one of the most popular ones, Aweber, to send out my Monday morning emails. But they fact that they have chosen the display name “Payments Dept” is suspicious.

Second factor is the blind link within the email message. This is exactly the type of link you should never click on, and for that reason alone this email is one that should just get deleted. But in the interest of investigation, I followed that link to see where it would go. Don’t try this at home!

The actual link behind that text is this:

but once it was clicked, it forwarded from that address to this actual website address:

So now we can actually see where we’re going with this junk.

On that page is a video sales pitch for some stock trading software that the video claims is currently making its other users $10,000, $20,000 or even up to $60,000 each month. And it’s all automated! You just click one button in the morning, and go out and do whatever you want to do during the day, and by the end of that day you will have thousands of dollars in your bank account. To any resaonable thinking person, this is obviously all garbage and a complete scam. Unfortunately, there are many people that buy it simply because they want so badly for it to be true.

But what about the Paypal payment that was already “processed”, that the original email talked about? Just a lie to get me to click on the link and hopefully get sucked into the scam.

Just what we’ve already talked about is enough to prove that this is not a legitimate email. But there’s more.

The third item – you can’t see it very well in the image, but at the bottom of the email there is what is supposed to look like a US mailing address. That’s designed to add some credibility and make it more believable. After all, a scammer wouldn’t actually give out his address, right?

Well, what it says is this:

Finance Rewards Society, 2205 Rose Avenue,, LA, 70171

They’re hoping people see that and just assume that it’s in Los Angeles, California. Except there is no 70171 in California. In fact, that zip code does not exist anywhere in the United States.

The fourth tipoff is that you can “unsubscribe” and you can even “report abuse”. But the place you’re reporting the abuse is the very place that’s sending you the email. They’re giving you the opportunity to THINK you have reported them, so you don’t actually report the spam/scam to any authority or group that can take action against them. They allow this type of scam email to be sent through their service, so your “report” doesn’t do any good. It’s like reporting a burglary to the burglar’s accomplice.

The other factor that is common in a lot of scam emails is bad grammar and misspelled words. It’s usually very clear that whoever wrote it is not a native speaker of English. In the email example above, there are only a few sentences so they didn’t really have any glaring grammatical errors. But I’ve often said this: if a convincing scammer ever teams up with someone that knows proper written English, that’s a team that will be able to scam a lot of people. The bad guys already snag a lot of people even with their broken English; who knows what they would be capable of if it sounded legitimate.

listen to my podcast in iTunes

Share this post

4 comments Add your comment »

Get updates when new comments are added. Subscribe to the comments RSS Feed

Pat Lafaye
November 16th, 2015

That was very helpful. I’m getting better at spotting these but have a way to go.

November 16th, 2015

Scott, you missed one thing about clicking on the “unsubscribe” and “report abuse”. When you click on these, it shows the spammers that your email account is real and is being read. They will sell/share your email to others.

Charlotte Henderson
November 16th, 2015

When I receive any suspicious email, I never open it, of course. But, without changing anything, I do forward it to the “scam” report address of the party named in the email. For instance, this email talks about PayPal – so I forward the entire email to

Charlotte Henderson
November 16th, 2015

Response to Carrol – If you simply forward the questionable email to whatever spam-reporting address you use – without clicking report abuse or unsubscribe, it doesn’t give the sender (presumed spammer or crook) any info.