How to Know if an Email is Real
7 minute read

Hackers and scammers have become more cunning when it comes to creating false emails.  
What is a malicious email? 

Malicious emails are created by scammers, bad actors, and hackers to trick you into downloading a virus, paying money, or giving up your personal information.
These malicious emails can look virtually identical to legitimate emails, and do not always get caught by spam filters. Some of these emails might appear to come from your friends and colleagues who may unknowingly have been hacked.
So, this begs the question, how do I know if my email is real? These five steps will help protect you to make sure your data remains protected.
Before you respond, remember S.A.I.L.S. 

SAILS is an acronym to remind you to check five aspects of the email you’re looking at. It stands for Sender, Ask, Information, Links, and Scope.  


Check the sender email address to see if this is suspicious. You can do this by hovering over the email and making sure the email address they gave is legitimate.


If this email seems a little unusual, or even the least a bit suspicious, ask your IT team, call the sender, or google the first few lines of the email to check the legitimacy.

In the wise words of Ronald Reagan, “trust, but verify.”

Information or Money 

If an email is asking you to give money or provide personal information, that should be an immediate red flag.  

Any time an email asks you to share personal information or make a transaction, you must always verify the sender.

Do not immediately click on links, even if you think the link is sent from a trusted source.  

Quickly hover over the link and double-check the URL. Make sure the link is taking you somewhere you recognize and not a third-party site.


Is this kind of email within the scope of your position?  

If an email is asking for banking information or other people’s emails, stop and make sure you are the one who normally handles these requests.  

If this is an email you plan to “forward” a co-worker, you should verify the sender. The last thing you want to do is forward a malicious email.