Using Outlook Message Options to Spot Fakes
Thursday, 22 May 2008
Have you ever wanted to see if an email item was fake, but did not want to open the item in Outlook? Sometimes it’s an email that looks real, but you’re not certain. One quick test I use to judge email is to use the message options feature, which shows the email header information.

Last week, I had a problem with my PayPal security key. Rather than waiting on hold with technical support, I emailed them about my problem. The next day, I got an email that looked like it might be a response to my issue. Since Outlook’s junk mail filter isn’t perfect, I decided to take a further look.

I prefer not to open these types of emails. Instead, I look at the message options. This section often provides enough information to judge between real and fake items. In the image below, the message Subject: was somewhat convincing given the timing.

[Image: Outlook email folder]

Using Outlook Message Properties for More Clues

Each message sent to you contains an email header with more information about the message. You don’t normally see this info, as the data elements are generally not useful. One exception is when you’re trying to judge if an email is legitimate.

To check an email’s properties:

1. Open your Outlook Inbox or another mail folder.

2. Right-click the questionable email.

3. Select Message options… from the menu.

A Message Options dialog will open with more information about that email. Depending on the phisher, you may see immediate clues and not need to look further.

In this case, some obvious clues showed in the Delivery Options section. You can see they use a similar domain. Instead of using paypal.com, the domain shows as paypaI.com. Depending on your display font, the capital “I” may look like a lower case “l”. The sender also used “donotreplay” instead of “donotreply”.

[Image: Outlook Message Options dialog]

Reviewing Internet headers:

The above clues were enough for me to know this email was fake. Sometimes, you need to review info in the Internet headers: section. You can scroll down the dialog to see more, but it may be easier to copy and paste the information into a program like Notepad.

If you look at the headers, you can see other questionable items. Again, you see the use of the fake domain. At least they spelled accounts correctly.

[Image: Email header with highlighted items]

Two other items that you might look at are the X-Mailer: field and the To: field. One question to ask is whether the real sender would use the email program listed. I think it’s unlikely any large support organization would use Outlook Express for client correspondence.

Another item to review is the To: field. Again, in my PayPal situation I would not expect to see this company use “undisclosed-recipients”. I have a relationship with this company so they know my name. The real email that arrived did use my name.
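
The same checks can be run as a script over headers pasted out of the Internet headers: box. This is an added example, not part of the original article; the sample headers are constructed, and the names review_headers, skeleton and CONFUSABLE are assumptions made for illustration.

```python
import email
from email.utils import parseaddr

# Look-alike characters (illustrative, not exhaustive): capital I and 1 for l, 0 for o.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

# Constructed sample, modelled on the clues described in the article.
SAMPLE_HEADERS = """\
Return-Path: <donotreplay@paypaI.com>
From: "PayPal" <donotreplay@paypaI.com>
To: undisclosed-recipients:;
Subject: Account notice
X-Mailer: Microsoft Outlook Express 6.00.2900.0000
"""

def skeleton(domain):
    """Collapse look-alike characters so paypaI.com and paypal.com compare equal."""
    return domain.translate(CONFUSABLE).lower()

def review_headers(raw_headers, expected_domain):
    """Return findings for headers pasted from the Message Options dialog."""
    msg = email.message_from_string(raw_headers)
    findings = []
    for field in ("From", "Return-Path", "Reply-To"):
        address = parseaddr(msg.get(field, ""))[1]
        if "@" not in address:
            continue  # header absent or unparseable
        domain = address.rsplit("@", 1)[1]
        if domain.lower() == expected_domain or domain.lower().endswith("." + expected_domain):
            continue  # exact domain or a subdomain of it
        if skeleton(domain) == skeleton(expected_domain):
            findings.append(f"{field}: {domain} imitates {expected_domain}")
        else:
            findings.append(f"{field}: {domain} is not {expected_domain}")
    if "undisclosed-recipients" in msg.get("To", "").lower():
        findings.append("To: undisclosed-recipients instead of a named recipient")
    mailer = msg.get("X-Mailer", "")
    if "outlook express" in mailer.lower():
        findings.append(f"X-Mailer: consumer desktop client ({mailer})")
    return findings

if __name__ == "__main__":
    for finding in review_headers(SAMPLE_HEADERS, "paypal.com"):
        print(finding)
```

The look-alike comparison only works while the header keeps its original capitalisation; if a mail gateway has lowercased the address, the domain is reported as a plain mismatch instead.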

Although spammers and phishers have gotten good at making HTML emails look official, many don’t forge the header information. That’s not to say it can’t be done, but they take shortcuts. Eventually, spammers will forge these items too, but in the meantime you can use this tip when your spam filter doesn’t catch these.



Last Updated ( Sunday, 20 July 2008 )