hand of a person looking at a list of emails

Spotting Spam at Your Nonprofit

Email spam is the unwanted gift that keeps on giving, inundating the inboxes of millions of charities and civil service organizations every day. The definition of a spam email is any message that is unsolicited. Also called junk mail, spam is often sent for commercial purposes. As a result, major laws have been set up to combat it, including GDPR, the United States CAN-SPAM Act, and Canada's anti-spam legislation (CASL).

But what can be done to stop the flood? Unfortunately not much. However, you can learn to spot spam when it arrives to help mitigate any IT threats that may occur as a result of opening an unwanted email.

drawing of five small figures carrying envelopes to an old-fashioned mailbox

Why Is Spam So Common?

Today there are millions of insecure computers and devices (PDF) connected to the Internet, giving spammers countless opportunities to fill unsuspecting inboxes. Their motives are diverse, ranging from financial fraud to Ponzi schemes.

While spam can come in many forms, this post will specifically cover how nonprofits can combat spam emails, drawing upon advice from Patrick Yokley, the information systems and operations manager at TechSoup.

What Is the Difference Between Spam and Phishing?

Phishing emails are a type of spam that "fishes" for sensitive information from individuals or entire organizations. These messages often mine for financial information and other critical data such as medical records and trade secrets. Criminals use a variety of phishing techniques, but the goal is always the same — to get a person to give up private information for malicious purposes.

Telltale Signs of Spam

1. Unknown Senders

Recipients of spam emails might be copied in a mass email from a person that supposedly interacted with them before. This spamming technique is called social engineering. If you have no idea who sent a message, just mark it as spam and definitely do not pass it on!

Here is an example of social engineering from Gmail:

screen shot of a spam email soliciting an exchange of photos

This message prompts the user to click on a potentially fraudulent link, and the sender has not identified themselves in any way.

Spammers may also use an alias to mask their real email provider in the sender line of a message. Below is a suspicious-looking sender, "Maureen Smith" at qq.com, that appeared in the To field when the recipient clicked Reply.

a To field showing the recipient as Maureen Smith <mr_eliosino@qq.com>

The domain qq.com turns out to be a chat service provider in China. While unexpected emails from other countries are not always a sign of spam, they provide an immediate red flag and warrant further investigation.

You can learn more about a message by checking the email headers.

Outlook

In Outlook, you can select the More Dialog Box Launcher button on the ribbon arrow at the side of the Tags box to open Properties.

screen shot showing the location of the control to open the Properties box

Gmail

In Gmail, you can choose More > Show Original. The More menu is labeled with vertical dots next to Reply.

screen shot showing the location of the Show Original command on the More menu

Message Header Tool

Google offers a Message Header tool that can pick out key information from message headers, such as whether the message passes or fails the three server verification methods. Paste the header into the box and click the ANALYZE button.

In addition to checking email headers, you can use a Reverse DNS/Whois Lookup to test if a sender is legitimate. Simply enter the domain name of the sender on https://whois.domaintools.com.

2. Bad Timing and False Alerts

Spam emails may stoke a false sense of urgency to coerce recipients to take unwarranted actions. Always refrain from taking any immediate action when encountering a suspicious message and contact an expert immediately.

The timing of a spam message may also be off. Any transactions that you cannot recall or those that did not occur within typical business hours are suspect. Other common warning signs include unexpected invoices, large file transfers, and access requests outside of the working week.

3. Suspicious Files and Attachments

Unfamiliar PDFs, zip files, and executables should never be downloaded. These types of attachments may contain programs that could compromise your device and network.

Links and buttons that go to insecure attachments and fake websites are also common. Hover your mouse over any URL before you click.

4. Spelling Mistakes and Bad Branding

Sloppy code, bad grammar, and formatting that looks off-brand are all hallmarks of spam. Other warning signs include embedded forms asking for personal information within an email or pop-up box.

A verified sender has explicit permission to email you in the first place, so a sure sign of spam is the absence of an opt-out option.

Reporting Spam

You can unsubscribe from receiving further communications from a spammer by simply marking a message as spam. For repeat offenders, create an email filter.

And if spam still continues, contact your IT expert to stop junk messages before they reach your inbox. These solutions could include applying role-based-access controls and enforcing multi-factor authentication — as well as updated antivirus and spam analysis software.

Trends in Spam

As millions of people around the world move to remote work, spam is on the rise — from pay-for-play schemes to cryptocurrency fraud to online dating. Some offenders are even exploiting social crises and natural disasters.

Think Before You Browse

Read the entire policy for any websites you visit to prevent unwanted use of your personal data.

You can also alert a spammer's webmail provider or ISP and submit a support ticket about the organization on SenderBase, the largest email monitoring network in the world.

Network Wisely

Limit how often your work and personal email addresses are publicly listed. Ask online networking groups and directories to take your information down and create a "junk email address" for online shopping and browsing.

Finally, update passwords throughout the year, storing them in a secure location.

While the above considerations might not prevent spam from entering your inbox entirely, they may at least help to prevent an unwanted cyberattack as a result.

BROWSE EMAIL PRODUCTS

Additional Resources