7 Pro Tips To Spot A Fake Email - Email Scam 🚩 Red Flags 🚩

Shannon, another GREAT video. Even after 25 years in IS/IT I still watch all these videos to see what the new email issues are. Probably 99% fall under the return email address are bogus group, so far anyway. Thanks again!

I setup my own e-mail server a couple of years ago, it was a real pain in the behind to get the spif, dkim and dmarc stuff setup just right so that things didn't break. And before anyone asks, to setup an e-mail server you must have a static ip. dynamic IP's simply don't cut it. Not even with ddns services.

Mahalo, Shannon. I definitely learned about a LOT of new terms; I had to go through your video more than once to absorb it. Your security-oriented videos leave me with a sense of empowerment against the maelstrom of email and other nonsense we all receive. Just KEEP pounding this email security into our brains. We ALL have to defend ourselves against it. Aloha!

Thanks for all the great content, Shannon. I'm taking your 30 Days to Security Challenge on your website, and doublechecking your channel here for updates.
I know it's going to take me more than 30 days 😂, but I'm doing it. Are there any specific vids here I should check out while going thru that challenge? I see a lot are relevant, but being new to this info didn't know if there's a "Don't Miss This Video" update. 😊

One thing I always look out for when someone asks me if an email they received is phishing or not is I tell them on their desktop to hover over any links in the email body and look at the url showing at the bottom of the email client. 90% of the time that is also a tell tale sign it's not legit.

I had read once that the bad spelling and grammar in spam are intentional. They weed out the smarter candidates, because no spammer wants to waste their time with someone who's going to be a hard-con.

Thanks for this. Nothing I didn't already know, but this is a great resource for my technically challenged friends and family.

Hi! Sometime knew all my recovery emails for Facebook and tried to get me to click on a link to "recover my password" in every single email. My info is on the dark web including my social from working for the Air Force and then they had a breach in their payment system. I have security software that turns off my Bluetooth if an unauthorized device tries to pair/connect with my phone and my Bluetooth was turned off this morning while I slept in. And not long ago got a notice from Google that said someone tried to access my Google photos and they locked them out and to change my password. The email didn't ask me to click a link so I think it was legit. Your channel is very good and this video will come in handy if they try a more sophisticated attack next time. I appreciate it! Thank you!

Beautiful hair style colours ❤

Thanks for sharing. I learned a lot. I look forward to future security topics. Blessings on your day!

Be suspicious by default! When assessing whether an email is legitimate, make sure you haven't already decided that you want to trust it. Otherwise, you'll look for reasons to justify that decision, and you'll probably find them. Don't fall into the trap of, "Well there could be an innocent explanation for that red flag..." This is probably one of the few times in life when "guilty until proven innocent" is the best approach.

Fantastic video Shannon. I learned of some resources that Ive never heard of before.

If I did not initiate the communication it is a scam. If it takes place outside of the physical office or the website that I know to be correct, it is a scam. Everything is a scam until proven otherwise. Remember this if you don't want to be scammed

I use pgp keys whenever I can to secure the e-mails in transit. Facebook can utilize those keys which is pretty cool. Wish more companies do that.

For some reason we should create database for check for fake email and real email using browser ext checker like spam adverting malware that block them by list. As well link checker as I normal check for news from official site email and daily stuff.

Speaking from experiences, banks, gov and "enterprise" businesses setup 3rd party relays and mailing services and just "forget" to inform their clients, causing all sorts of "trust me" allow list entries when it comes to DMARC and legacy TLS encryption.
And then, there are email security gateway services like ProofPoint and Mimecast, (rare, but does happens) "accidentally" blacklisting each other's SMTP IP address and causing emails to just poof... (dropped).
Everything can go wrong, will go wrong when it comes to email :(
... Oh, and also, I have seen phishing emails using compromised SMTP relays with TLS 1.3 encryption, those are almost impossible to flag, any compromised link in the "business partner" list can be dire consequences, very problematic in financial institutions.
Trust nothing, verify everything :(

I'm getting emails in my regular box not my spam box so it's like a person sending it to a person through my email and sometimes it has my email but most of time it's one to one it's just weird

I got a email claiming to be paypal communications and I had a message to read, i got suspicious and went directly to paypal without clicking on a link in the email.
It turned out to be a legit message from PayPal so the email was good.

Nice video Shanon 👍

I have someone trying to scam me and they want me to send $350 to cashapp and they have the fbi emailing me how should I go about this ?

A very informative video. Thank you.

There's good content here. But just to be safe I tell everyone never click on the link in an email. If you think it's real message from your bank or a company you do business with just go to that company or Bank using your normal process and look for messages there

How i can create such these messages

HI Shannon, like i mentioned in another video using your code i got $10 off because i brought 2 yubikeys!! but i brought these because i thought since this can unlock cell from camera scan vs usb plug into macbook air2 finger print. i dont want to set up through macbook with finger print to open my wallet and if i die my daughter knows my wallet password but doesnt have my finger print!! cant i set up yubikey through macbook air2 camera scan?? if so do you know safe QR code app that wont steal or store my code to steal my wallet?

Chatgpt will allow these people to improve their spelling and grammar.

When I started watching, I was thinking "this will be a great video to send to my mom," but in the end this is too complicated of a subject. I can't expect her to check all the possoble fields. In the end I think it would just make her more upset and paranoid. Your audience is very tech savvy, so not trying to say this is a problem with the video. Just a very daunting problem.

Very good explainer!
For me the strategy is simple, because my usage of e-mail is limited - if it's not something I'm expecting, specially if it's a file for download or link to click, it's an automatic delete.
I don't even need to check the header, it's an insta delete. :P
But that's because my personal e-mail usage is super basic... I don't regularly get contacted by people I don't already know, or companies I don't already know. So if you want to get an e-mail through, you are going to have to contact me multiple ways so that I know it's legit. :P
Even if it is coming from some service or portal I use, I just avoid clicking on links or downloading stuff via e-mail anyways... if it's a service I have an account in, I go directly to it instead. I don't even trust what an e-mail has to say until I double check it on an official website.
In any case, there is something in Shannon's explainer that I'm always a bit curious about... shouldn't there be better indicators for e-mails that seems suspect? It's like, you shouldn't have to open up headers and look things up like that, the e-mail client itself should use design and coding to show these things up more prominently.
Oh well... unrelated or perhaps semi-related, I'm waiting to see the new Thunderbird redesign. xD

I get hacker emails (from my own domain) with Received -SPF saying PASS so that is not a good method. Sorry but it's true. Same deal with DMARC.
Gmail still puts in spam folder though.

I got a Google scam about some virus but it was fishy like it had a link.

Your content is priceless. You are amazing Shannon! Thank you so much for making the world a safer place with all you are doing!!!!

Are you going to review Proton Pass?