Spotting fake emails

Posted on Tags , , ,

Spam emails are a fact of modern day life. Here I will go through an email that I recently received that claims to be from Santander.

As expected, the email is written in such a way as to cause panic and fear. The goal is to get you to act immediately before their website is shut down and the opportunity to get your banking login details is lost.


The more you examine the email, the more obvious it becomes that it is fake. The spammer is hoping that you will simply skim read the message and click the link in that email where the next stage of their con can continue.

At first glance the email address looks legitimate and the web address shown is indeed for Santander.


However, not all is as it seems. Let’s read the email and see what it says.

It’s safe to open an email to read, just don’t open any attachments or click any links within the email until you’re sure it’s legitimate.

Starting at the top…


The first thing that raises suspicions is the grammatical mistake in the subject: ‘3 Times Login Attempts’. It’s highly unlikely that a banking giant would make such an error.

Next is the header image. It’s clearly not in the correct proportions, and if you look carefully you can see there is a mismatch of colour between the red in the logo and the red strip of colour running behind it. A big name brand would never allow their logo to be displayed in such a way.

Moving on to the text below:


Why is there an accent above the ‘e’? There is also a grammatical error in the form of an erroneous comma and a lack of full stop at the end of the paragraph.

The lower section of the email again features an improperly proportioned image, spelling mistakes and grammatical errors.


So, after all that we’re pretty sure that is message is fake. There is one final check that will put this to bed, and that is to check the headers of the email.

What are headers?

Header lines that identify particular routing information of the message, including the sender, recipient, date and subject. Some headers are mandatory, such as the FROM, TO and DATE headers. Others are optional, but very commonly used, such as SUBJECT and CC.

The process of checking a header varies in email clients, but in the case of Microsoft Outlook you need to open the email in question and then click the arrow to the right of reply and select ‘View message source’.

A box will pop up with lots of text to scroll through. Here we looking for an email address that is different to that of the one we saw earlier. In the following image I have highlighted the email address in question.



The email address is not legitimate.

Checking the links

If by now your still not sure you can also check the links within the email. If a spam email does not have an attachment then it is likely they are wanting to direct you to a website where they can extract your personal information. By putting your cursor over a link, in this case the ‘Confirm’ link. we can see where we are being taken by looking in the bottom left of the browser window.


This is obviously not a Santander address.

For the sake of research, lets visit the site (please don’t do this yourself) and see what we find…

Immediately we are redirected to a clone of the Santander login screen which appears almost identical to the original.


But look at the address bar.


A subtle addition of an ‘i’ to the spelling of Santander. This is not the real website. Cheeky monkeys even have an SSL certificate!


So, after all of this we can agree that this is a fraudulent email. They did make it easy for us this time but be aware that some emails are much more polished. I hope that with the above information you will now be able to analyse emails and pick out the frauds.

Copyright © 2018 Convergence. All rights reserved.