How to Identify Scam Spam in Emails – Including AI-Generated Spam

Published by Teddi Deppner on

>> Skip the nostalgic backstory and get right to the advice

If you’ve been around the Internet for long enough that you still tend to capitalize the word (oops, see what I mean?), you’ve witnessed the evolution of email spam. In the beginning, it arrived in your inbox and you had to delete it yourself. Keywords in the Subject line like Viagra, Nigeria, 12-inch penis, FREE, or WINNER would stand out for immediate deletion.

It wasn’t long before email services started providing anti-spam filters and safeguards. Suspected spam was dumped directly into a different folder, keeping your inbox free of things that would assault your eyes and throw gutter water in your brain. Every once in a great while, a piece of real communication might end up in the Spam folder, but not often. Google’s Gmail was pretty savvy that way. I hardly ever glanced in the folder, and it was great for peace of mind.

There were a few bumps in the road as the powers-that-be enacted protocols that helped validate email senders and make it easier to spot spammers. Good people’s emails sometimes ended up in spam through ignorance when they didn’t jump through the validation hoops, or when their hosting provider hosted too many spammers and their mail servers got blacklisted.

And then a few years ago the algorithm changed again. For the worse, imho. Suddenly a majority of my friends’ emails were sent to Spam. Sure, they were all authors sending out a newsletter, but they were still my friends and they were email lists I had subscribed to! Beyond that, direct messages sent to people I had emailed before (Gmail should know that we knew each other) were getting dumped in the recipient’s junk folder. The most egregious cases were when direct REPLIES to messages were being sent to spam — how could it not know that I wanted that when it was a reply? Now I have to whitelist EVERY company or individual I subscribed to, or it goes to Spam.

Ridiculous.

I went from happily ignoring my Spam folder to checking it daily like a second inbox. I probably rescue mail from Spam 2-4 times a week! Whatever Gmail’s new anti-spam AI algorithm is, it’s not smart.

And now, with the rapid increase of AI-generated spam, the tone of the spammy scammers has changed once again. It’s getting more personal. And it also depends on the source of the spam–the worst I’ve seen yet is what I’m getting from spammers who source their data from LinkedIn. I’ve been thinking about writing this blog post for a couple of months, but today was the last straw.

I received a very clever scam email about “Microsoft 365 Copilot”. So let’s look at what gave it away as spam–and in this case, a very nasty, potentially costly scam.

Is It Spam or Not? Question Everything

At first glance, this looks quite credible. There’s the Microsoft logo, the reply address seems to be the official microsoft.com domain, it is formatted like a professional invoice with header, footer, address, phone numbers, order ID. There is the common over-abundance of explanatory links to the Microsoft website and when I hover my mouse over them, they do indeed point to official microsoft domain documentation.

With all of these indicators implying “This really must be from Microsoft”, the conclusion we are meant to reach is, “Oh, no! I’ve been charged $360 for something I didn’t order!” And because the From address is “no-reply@microsoft.com” we know there’s no hope for requesting a refund via email. And so we are funneled towards calling the Helpline.

And that’s where the danger lies. That’s when a helpful-sounding person will either try to arrange access to your computer and/or your bank accounts. Here’s a link to someone else’s experience with this piece of spam: https://answers.microsoft.com/en-us/msoffice/forum/all/is-this-a-fake-email-from-microsoft-regarding/d588e581-1365-40d7-bcab-419365b66f2e

Funny thing was, the Helpline section actually holds some clues to recognizing this email as spam:

While most of the email at a glance looks professional, a lot of these little grammar and punctuation inconsistencies don’t add up. Notice the apostrophe “Question’s?” instead of “Questions?” And the lower case abbreviation for California. Even “Microsoft 365 admin center” feels off to me–shouldn’t it be “Admin Center” with initial caps?

NEVER, NEVER, EVER follow the links or call the numbers on a message you think could be spam. In this situation, there were other simple ways for me to confirm the truth of the email.

  1. I opened a new tab in my browser and typed in microsoft.com to go to the REAL Microsoft website. There I logged in and checked my account there to see if my billing history showed this transaction. It did not.
  2. I opened another new tab and went to the website of the only credit card I use for online transactions. I examined the charges for the dates in the email. There was no $360.00 charge from Microsoft.

While the spam email left me with that lingering icky feeling of doubt (“What if there really IS a $360.00 charge somewhere?”), I had to remind myself there was no way it was true. To lay my concerns to rest, I searched online until I found others (like at the link above) talking about the same scammy emails. It was nice to have confirmation that it wasn’t real and I’d done the right thing by deleting it without touching anything.

See how this works? Ultimately, spam is a mind game. And it preys on not only ignorance of the tactics and what’s possible, but also the natural fears and doubts even tech savvy people may have.

Guarding Against the Psychology of the Spammer

These people are leveraging well-known psychology against us. They play off our fear of being cheated, our desire to avoid being charged for something we didn’t want. They prey on our doubts about whether it could have happened because a family member made a purchase without our permission or a company we do business with (like Microsoft) could have made a mistake.

They are also playing the numbers. If you scan through the emails in your junk or Spam folder, you’ll see big name retailers mentioned frequently.

  • American Express
  • Capitol One
  • PayPal
  • Costco
  • Harbor Freight Tools
  • Best Buy
  • Zoom
  • DocuSign
  • DHL, UPS, FedEx
  • Intuit Quickbooks

These are just the names on ones sitting in my own Spam folder from the past month. If you keep them around for a while, you’ll see the same names repeated over and over with varying subject lines… and then disappear to be replaced by others, repeating in waves. They’re hoping that you do business with one of these companies and that something about one of their Subject lines will hit home.

When you look at them in a collection like this, you can see how desperate they are… and how desperate they’re hoping to make you feel.

  • “Oh, no! Is my account being restricted? Why?”
  • “Am I missing an important package delivery?”
  • “Accounts payable invoice? Do I owe somebody something?”
  • “What? A suspicious purchase on my account? I better look into that!”
  • “A warning about my Cpanel? Maybe my domain hosting is going down!”

Or… like in the good old days, they’re just trying to instill a sense of FOMO and offer some attractive product that you might feel is essential to your happiness or dangle a scenario where you win something great out of the blue.

  • “Revitalize my scalp? Maybe this time it will work…”
  • “Maybe China will offer better loans for my business…”
  • “Oh, look! I won a big DeWalt tool I’ve always wanted, I just need to claim my prize!”
  • “I’ve always wanted to meet a Nigerian prince…”

Watch Out: It’s Easy to Spoof the From Name and Email Address

Two (mistaken) assumptions can be made when it comes to email addresses:

  • If the From name and email address are familiar, then the email is true.
  • If the From name and email address are familiar and the body of the email is obviously a scam, then the sender has been hacked.

Ever since email was invented (or at least since the 1990s when I first started using it), there is a fact that people seem to miss: Anybody can put ANY return name and address in the email From fields.

Just because an email says From: Teddi Deppner <teddi@myrealdomain.com> and you recognize that’s exactly the name and email address you’re familiar with… DOES NOT MEAN IT’S FROM THAT PERSON. If a good friend emails with a sob story about a tragedy and how they just need a little money via this fundraiser website (with link) to tide them over during a crisis, CALL THEM ON THE PHONE and check. Don’t click the link and send them money!

In addition, since spoofing a return address is so easy, it’s important to realize that if you get spam or a scam from a friend’s address, it DOES NOT ALWAYS MEAN THAT PERSON HAS BEEN HACKED. The sender did NOT need access to your friend’s computer or email account to send that email. It’s possible, but not at all certain. And some scams are meant to make you panic and tell your friend they’ve been hacked and then they panic and might take action that compromises them when they weren’t even in danger.

So when you see a name you recognize in the From fields, take it with a grain of salt. All it means is that somebody wrote an email and the email software they used to send it had those things entered in the From name and address fields. It is not verified or any guarantee of who actually sent the message.

AI is Leveling Up Spam Contents

In 2024 I started using my LinkedIn account more actively. I updated my profile, added job positions to catch it up on recent events, etc. I also started working for a company that actively uses LinkedIn as part of their marketing efforts. Suddenly, I was getting a whole new kind of spam.

It was well written. Friendly, casual, and referenced people or companies that I knew and had done business with.

  • “Hi, Teddi! Saw that you’ve worked with [John Smith] on some creative ad projects and thought you might be interested in [this opportunity]…”
  • “Hey, Teddi, since you’re the founder of [Company], you don’t want to miss this webinar on [topic]…”
  • “I noticed that your agency is looking for clients in the [name of industry] space. We can get you 200 qualified leads by the end of the month…”
  • Subject: More Firms Like [Client Name] and [Client Name]” – Obviously pulled from the testimonials on our website.

Sometimes the spam was hilariously off base. “Congrats, Teddi, on your acquisition of [employer name].” Or “We see you’re the CEO of [employer name]…” Ha!

And then there’s the classic business-related version of FOMO subject lines:

  • Re: Quick question (Thread Reply) – “If they’re replying to me, then it must be important!”
  • Don’t Miss Out: Live Masterclass Starts [soon-coming date] – Literally throwing FOMO language at me.
  • Take home more money this year – Who wouldn’t want more money?
  • Stop feeling behind on AI. Inside: 3 Tips How. – Riding the latest trending topics.
  • Get Top-Tier Email Marketing for a Fraction of the Cost – “Boy, wouldn’t that be nice, with email marketing prices going up…”
  • Court-Ordered Notice of Class Action – Is this FOMO or just instilling fear?
  • 7 Days Left! The Secrets to [something] Are Revealed Soon! – Does this sort of stuff still work on anyone?

And the ones that are geared to trigger your sense of responsibility and professionalism:

  • Hi, Teddi, just following up on my previous email… / Did you see my last email, Teddi? – I’m tempted to feel bad about not responding, but there was no previous email, or if there was it was just as unsolicited.
  • Thoughts, Teddi? – “Wow, they really want to know what I think! They must recognize my expertise.”
  • Hey, Teddi, out of curiosity, what do you currently charge for your services? – “Hey, this could be a real business lead!”
  • Client question – “Wouldn’t want to miss a legit client communication…”
  • Hi, Teddi, I found [your company] while researching [relevant topic]. Quick question, do you… – “Maybe this time it’s a real human being. Wouldn’t that be nice, for once?”

For nearly a year after I started receiving these emails to a brand new email address with my new employer, I felt guilty every time I marked these emails as spam. What if they’re a legit business really trying to reach out with a “cold call” approach? The relevancy, accuracy, and almost-real-sounding dialogue in these emails is a startling leap from the cookie-cutter blind shots in the dark of past spam. The spammers have definitely harnessed AI to write targeted content based on publicly available LinkedIn profiles.

But even with these more intelligent, relevant spam emails, the basics are still my best guide.

Simple and Effective Spam Blocks (or “How Not to be Fooled”)

The best way to avoid being scammed by spam is to follow these simple guidelines.

  • Use Common Sense: If it sounds too good to be true (or too urgent and terrible), it’s fake.
  • Check the From Field: If the From Name is a person or business you know, but the Email address itself is a totally different address, it’s fake.
  • Check the From Field: If both the From Name and the Email address are from a friend, but the content of the email is surprising, urgent, unusual in some way, it could be fake. Contact your friend via some other means to verify.
  • If the from address is from a domain name that looks like it was generated by a spam bot (nonsensical, or a relevant keyword plus random letters, or on some non-standard top level domain like .xyz, .ai, .accountant, .info, .co, etc) it’s probably not from a “real company”.
  • Don’t click any links an email with a call to action. Even if everything looks right it’s always safer to login into the account by typing in the address in a fresh browser tab so you know you’re at the real website. Or if you choose to click a link you trust, double check the address before entering any sensitive info like username, password, etc.
  • Don’t call any numbers in an email with a call to action. Fraud can happen over the phone, too. If an email prompts you to call a support line, don’t use the number in the email. Call the official number of the company from their official website.
  • If someone you don’t know or can’t verify asks for access to your computer or to your bank account, just say no. Just like our parents told us–don’t talk to strangers and don’t get in the van with the candy man.

Other Spam Examples

The email above looks pretty normal, but that big button is a link to some nefarious site that has nothing to do with ID.me. Be especially wary of clicking any links to sensitive sites related to your identity, the government, your finances, etc.

Related Links (offsite)

Categories: Tech Tips

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

How To

Avoid the New, Higher Microsoft 365 Subscription Price

If you’re like me, working in the world of corporate business and publishing, using Microsoft Office products is nearly ubiquitous. Or, as I tend to think, “a necessary evil”. The recent raise in annual subscription Read more…

Reviews & Recommendations

Firefox Extensions for Authors and Content Creators in 2024

After seeing a handy post from AuthorMedia about their short list of recommended Chrome extensions for authors, I decided to research which of their recommendations might be available on Firefox (my preferred browser). For my Read more…

How To

Fix Your 2023 Dropbox Woes – When it won’t sync, says your quota is full, no space, but the file size total doesn’t add up

Wherein myself and a fellow Havok Publishing staffer find the solution to a puzzling Dropbox question about why she ran out of Dropbox account space even though she only had a few shared files in Dropbox.

Get updates via email

Get an email when I have new blog posts, tips, and announcements about my projects.

You have successfully subscribed. Be sure to whitelist @teddideppner.com so emails from me don't go into your Spam folder.