How to Identify and Avoid Dangerous Email

Malicious messages such as scams and phishing attempts are some of the most dangerous items that you can receive in your email inbox. These messages often attempt to create a sense of urgency with the hope that you will click a link and give up a password or other sensitive information. Other messages contain attachments designed to infect your computer with viruses. Learning how to identify dangerous email can help you prevent it from causing damage to your computer, your finances and your privacy.

Step 1

Enable spam protection in your email client or service. Alternatively, install an Internet security program that blocks unwanted email automatically. Spam protection services use databases of known scam, phishing and fraudulent messages to filter out dangerous email.

Step 2

Beware of any message asking you to provide personal information such as a password for an online service. These messages are almost always phishing attempts designed to steal passwords from the unsuspecting. Often, these messages attempt to prey on your fears by warning you that an account will be blocked or canceled if you do not sign in.

Step 3

Avoid clicking links, unless you are expecting a message with a confirmation link because you have signed up for a new online account. Otherwise, links typically lead to phishing websites. If you believe a message with a link might be legitimate, type the address of the website manually to be certain you are navigating to the correct website.

Step 4

Avoid any message promising large sums of money in exchange for providing a trivial service. Such messages are typically scams, sent to thousands of people at a time using automated systems with the hope that one or two will respond.

Step 5

Avoid any message with an attachment, even if the message appears legitimate. Attachments frequently contain viruses.

Step 6

View the source code of a message if you believe the sender’s address is forged. The source code contains the full headers of the message including the address of the originating server. If the originating server has a different address than the one in the “From” field, the sender’s address may be forged.


If you receive email containing a scam or phishing attempt, you can report it to the Federal Bureau of Investigation via the Internet Crime Complaint Center. If you receive spam, forward it to the Federal Trade Commission at for investigation.