How to identify spam and phishing emails

Many spammers and scammers are very good at making junk and spam email seem believable, but these tips should improve your ability to distinguish between an email that is real and one that is fake.

Tip 1: Name of Sender

Pay attention to the name of the sender, and the name before the "@" symbol in the email address. Scammers often change email addresses constantly to avoid being caught by large Internet Service Providers, so they may use a randomly generated name and keep changing it. If you see a random string such as "6g8ws92ns7c52" as the name, you can be pretty confident that this email is not legitimate. However, even if the email comes from someone you know personally, that does not mean that it is not spam. Their account may have been taken over by a scammer.

Tip 2: Domain Name

Also pay attention to the domain name (the name after the "@" symbol in the email address). If the email address uses a domain that is in no way affiliated with the organization the email claims to come from, you've spotted a fake! Sometimes scammers will use clever domains such as "BankSecurity.info" and then use a subdomain like "Scotiabank" to create an email address like "contact@scotiabank.banksecurity.info". Be aware that this domain does not belong to Scotiabank; it belongs to the owner of BankSecurity.info (who could be anybody!). Official emails from large organizations such as Scotiabank will certainly never come from free public email domains such as "hotmail.com" or "gmail.com", so be sure not to fall prey to phishing scams from addresses with these domains.
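
The domain check from Tip 2, written out as an added Python example (it is not part of the original page). The mapping of "scotiabank" to "scotiabank.com", the free-mail list and the sample senders other than the Tip 2 address are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed for illustration: the brand's real sending domain and a free-mail list.
KNOWN_ORGS = {"scotiabank": "scotiabank.com"}
FREE_MAIL = {"hotmail.com", "gmail.com"}  # the two free domains named in Tip 2

def sender_domain(from_header):
    """Return the lower-cased domain after the last '@', or '' if there is none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def belongs_to(domain, org_domain):
    """True only for org_domain itself or a subdomain of it (label-aligned match)."""
    return domain == org_domain or domain.endswith("." + org_domain)

def check_sender(from_header, claimed_brand):
    """Return warnings for an email that claims to come from claimed_brand."""
    brand = claimed_brand.lower()
    org_domain = KNOWN_ORGS[brand]
    domain = sender_domain(from_header)
    if not domain:
        return ["sender address has no domain"]
    if belongs_to(domain, org_domain):
        return []
    if domain in FREE_MAIL:
        return [f"{domain} is a free public email domain, not {org_domain}"]
    if brand in domain.split("."):
        return [f"'{brand}' is only a label inside {domain}, not {org_domain}"]
    return [f"{domain} is not affiliated with {org_domain}"]

if __name__ == "__main__":
    # Constructed sample senders; the first is the address from Tip 2.
    for sender in (
        "Scotiabank <contact@scotiabank.banksecurity.info>",
        "Scotiabank Security <scotiabank.alerts@gmail.com>",
        "Scotiabank <alerts@scotiabank.com>",
    ):
        print(sender, "->", check_sender(sender, "Scotiabank") or "domain matches")
```

The comparison reads the domain from the right-hand end, so a brand name placed on the left as a subdomain never counts as a match.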

Tip 3: Check Spelling and Grammar

As pathetic as it is, spammers often make spelling and grammar errors in their emails. If you receive an email from an organization like your bank filled with these errors, it is probably safe to assume it is not legitimate.

Tip 4: Generic Greetings

Check for generic greetings such as "Dear Valued Customer". When you apply to online services, you usually provide them with your first name, so they should already have it and be capable of including it in their email to you. If your name is not included, the scammer probably does not have any information about you.

Tip 5: Urgency

Professional organizations, such as your bank, will not require you to perform any sort of action in an extremely limited amount of time. If an email requires you to do something within X hours, that is often a good indication of spam.

Tip 6: Don't Click Links

If an organization, such as your bank, requires you to log in to your account to do something, be suspicious of links that apparently take you to its login page. As an alternative, log on to the website the way you normally would in your browser and navigate from there.

Tip 7: Personal Information

Pay attention to requests for personal information. Organizations such as eBay, Amazon, PayPal, and your bank will never randomly ask you for personal information, especially over email.

What do you do once you've identified an email as spam? 

Delete it and report it to your Internet Service Provider. DO NOT reply to it or provide any information to the scammer.

If the email was sent to your @uwaterloo.ca email address and you are in doubt about whether it is indeed spam or phishing, you can forward the email as an attachment to the Security Operations Centre, University of Waterloo, at soc@uwaterloo.ca, and copy the Pharmacy IT Help Desk at rt-pharmacyit@rt.uwaterloo.ca.