Spam emails can be very dangerous for your business, especially if you don’t know how to spot them! Check out these 2 quick steps to help you identify a spam email.

Cybercriminals use electronic messaging systems to send out unrequested or unwanted messages in bulk. This tactic is called spamming, and it’s a lucrative practice that’s difficult to stop. The cost of delivering a message via spam is next to nothing, and if even a very small percentage of targets respond, a spammer can make a lot of money.

The cybercrime market is now at nearly $1 trillion per year. Spammers make big money from stolen data:

One Social Security Number = $1.00

DDoS = $7.00 per hour

A Medical Record = over $50

Credit Card Data = up to $60

Bank Account Info = $1,000 or more

Mobile Malware = $150

Malware Development = $2500

Spam = $50 for 500k emails

Custom Exploits = $100k to $300k

Facebook Accounts = $1.00 for an account with 15 or more friends.

Even worse – they are very often successful. 10 targeted spam messages have a:

  • 90% chance of getting a click.
  • 8% chance of users clicking on an attachment.
  • 8% chance that users will fill out a web form.
  • 18% chance that users will click a malicious link in an email.

Even CEOs get spoofed and share usernames and passwords.

What should you do? Learn to Identify Spam Emails.

Here Are 2 Quick Steps You Can Take:

Step 1 – Find the sender’s real address.


You can see that the sender’s address is from “365 Mailbox”, which implies that it’s from Microsoft Office 365. However, if you look closer at the “From” address you’ll see that it’s actually coming from someone at “”. This is your first warning that it might not be from Microsoft.

Step 2 – Check where the link in the email actually points.


Don’t click the link, but hover your pointer over it. This will tell you where the link actually goes. In this case, it would take you to “” and not a Microsoft address. So, you can see that this message is definitely spam.

Here’s another example of a spam email. You can see that this email is not from Dropbox, but from “”. Plus, the “Download” link isn’t from Dropbox. Instead, it would take you to “”.


Why are you getting spam emails in the first place?

95% of all the junk mail you get is probably because you gave your email address to somebody who leaked it to a spammer. Some businesses will also sell your email address to other companies.

You may be getting spam because you sent mail to someone who wasn’t connected to your local server. This slows down your email and gives spammers free bandwidth to get in.

Spammers also use something called Trojans/Script capturing by using HTML emails to confirm your email address. The best way to disable this is to go to the preview window and delete the message. You can also disable HTML emails.

Another way spammers can get your email address is through Dictionary Attacks. This is when spammers connect to your server and try random addresses to get through. They do this by going through the alphabet. Make sure your server blocks the sending server after a number of failures. You can also set it for a maximum number of recipients per message, or set a delay between recipient addresses to slow the spammer down and get them to go elsewhere.

Why is Spam So Worrisome?

Cybercriminals use spam emails for phishing and spear phishing to acquire sensitive data and access to bank and credit card accounts.

Phishing emails:

  • Are sent to the general public via mass scams.
  • Impersonate a government agency, bank or store like Amazon.

Spear Phishing emails:

  • Target specific individuals.
  • Are personalized and use facts about you to draw you in.

Don’t Fall for SPAM. Here are some more tips for you:

Don’t assume emails are from someone you know. As suggested, always check the “from” email address.

-Beware of messages that:

  • Try to solicit your trust or curiosity.
  • Contain a link that you must “check out now.”
  • Contain a downloadable file like a photo, music, document or PDF file.

-Don’t believe messages that contain a compelling call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

-Be wary of messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Start a conflict.

-Watch for key flags like:

  • Misspellings
  • Typos

Your data is one of your most valuable assets, not only to you but to cybercriminals as well. Protect your business – don’t get caught by spam and phishing. The experts at STS can train you and your staff to recognize and block these threats. Contact us at (02) 8212 4722 or [email protected].