Most of the time, you should be able to spot scam emails on your own, without the need of a snarky I.T. professional like myself. Here is an example of an email received by a client recently:

From: OutlookAdmin365 []
Sent: Tuesday, February 20, 2018 10:34 AM
To: John Doe <>
Action Required: Unfamilair Login-


 Someone attempted to sign in with your email ( ) from an unknown location.
Date Received: [ 13 February 2017 02:02am] 

We restricted the attempt and we put a lock on your account for incoming and outgoing message till you sign in from a familiar location




Thanks for taking these additional steps to safe guard your email.

© 2017 Outlook Corporation. All rights reserved. | Acceptable Use Policy | Privacy Notice 



So, let’s start at the email address it was sent from. Don’t be fooled by the friendly email name, in this case, “OutlookAdmin365.” That by itself seems somewhat plausible, but then look at the actual email address of “” That is clearly not a normal email address. When do you ever see the random characters as a part of the prefix of an email address? Well, you don’t. And the part after the “@” is equally weird – what would have to do with Microsoft 365? Sure, it could be from a hosting company that resells 365 like GoDaddy or something, but here, that is not the case.

At this point, I am done – I have seen all I need to know this is fake. I could look up that company and see who they are, if they exist, but I don’t need to, because I know they have nothing to do with my client’s email. But, since there are so many issues with this email, I will go on.


Subject: Action Required: Unfamilair Login- Red circle is weird. Whatever. Ah, our first spelling error appears right in the subject. I am unfamiliar with the “word” unfamilair.


Hello, If it seems like a bad robot not associated with Hollywood Director J. J. Abrams put that in there, I would agree. Professional emails are not greeted like that. I recently got an email myself from a local service provider trying to get me to meet with some low-level salesperson that was greeted, Hello Kannenberg. I did not meet with that salesperson.


So, this first sentence is relatively legit:

Someone attempted to sign in with your email ( ) from an unknown location.
Date Received: [ 13 February 2017 02:02am] 

You may be used to websites telling you something similar when you log in from a computer you don’t normally use. So this part is done well enough, although an American company would not write the date in that format as a general rule, but that is nitpicking.

Now, the next part is not so good.  We restricted the attempt and we put a lock on your account for incoming and outgoing message till you sign in from a familiar location. Always look for awkward language, like a non-native English-speaker is trying to tell you something. Most legit companies, even if they are not based in the US will still format emails without using awkward phrases like “restricted the attempt.” That is not something we say. In any situation. Try to use that in a phrase that sounds natural. “We restricted his attempt to rob the bank.” “He tried to shoot a three-pointer, but I restricted his attempt.” “My date was going well, but she restricted my attempt to Netflix and chill.” See – doesn’t work.

Then we have some singular/plural awkwardness. “We put a lock on your account… for incoming and outgoing message….” First, it should be “messages” and the whole phrase is again, said in a very clunky way. And, still in that phrase “till you sign in…” The word they were looking for was “until.” Spell check won’t catch that one, because one can, of course, till ones own field. Yes, I often heard the phrase “wait till dad gets home” as a child, but had my mother written it down for me, I am certain that she would have used the word “until.”


All I can say is, don’t click on the link. Never. In this case, what could that link possible take you to? That is not how logging into email works. Obviously I removed the link from this email, but you can almost always right-click on a link in an email, and see what the address is. In this email, it started with “….” Is that a link to your email server? Does it match the sender’s email in any way? Is it something you have seen before? What is .gr, and who is Irene?


Not much to say here, but the word is safeguard. It isn’t two words.


Even that is wrong here. You can’t tell from my example, but there were no links. It says Acceptable Use Policy and Privacy Notice, but they are just words – no link to click on, no explanation, no nothing.


So, in the end, this is a particularly easy one to pick apart. They won’t all be though. Some of the UPS/FedEx ones are pretty good, and we are always waiting for a package, so the urge to check on something is great at almost any time in our lives. If you have an IT resource, of course you can always use it. But, MOST of the time, you can figure this out on your own. Hey, that’s what I said at the top of this post too. Full circle… full circle.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s