Identifying Scam Emails

by Dantec


Scammers go to great lengths to deceive you and lure you into giving up personal info. Once they have what they want you can kiss your game account goodbye. Scam emails will generally attempt to install malicious software, such as keyloggers, or lead you to a "spoof" site where they will attempt to trick you in entering your account information. Scam emails work by tricking you into thinking they're sent from a legitimate source, usually the game developer. The good news, however, is that with a little bit of knowledge you can easily identify these emails for what they are. This guide was written using a piece of scam mail that was sent in regarding World of Warcraft, but the details are the same regardless of the game.

Face Value

This guide will be using Gmail's web based interface. While they may be named something else, all of the options discussed here are available in just about any email client with any email service.


Take a look at this email header. It looks legit right? Says it's from Blizzard, and the email address looks official. Note, to see this you'll need to hit "show details" along the top portion of the email. Actually this email address has been spoofed...

Behind the Curtain

Luckily, in the case of this particular email, Google already tagged it as spam. Let's pretend it didn't though. In practice, it's a good rule of thumb to check the validity of just about any email that links to anything valuable. In today's age information is valuable, so you should be checking almost all of your emails.


A give away of most scam emails is that they will want you to verify your account information. They'll usually tell you that your account has been compromised, or that you've incurred some kind of infraction that you can dispute.


The first thing you'll want to do is view the original email. Using Gmail you can do this by clicking the small arrow in the top right of the mail window and selecting "Show original". This will show you the original, raw, email. This will also show you much more info about the sender.

What we're interested in is the in the upper portion of this page. The Return-Path shows the email address of the sender. In most cases this will be the true address that the email was sent from. In some cases this can still be fake, or at the very least sound official. In this case we can see that the email was obviously not sent from the one we were lead to believe it was. We could now easily write the email off as a scam and delete it. If, however, the email address didn't give away the scam we could also check the IP address it was sent from, in this case Using a Geo IP Tool we can find the general location the email was sent from.
It's a pretty safe bet that Blizzard isn't emailing us from China... Note that even the IP address can be faked or redirected, but it's not likely that a scammer will go through this much trouble. You can get even more information by using a WhoIs tool. This will tell you more about the domain and who registered it. If you were so inclined you could use this information to report the scammer to their host and/or ISP, and potentially get them banned and their account closed.

Small Timers and Deep Thinkers

90% of the time scammers will use throw away, mass produced, email addresses. In some cases, however, some nitwit will actually attempt this by using his personal email. You can usually tell this if they're using a common email host, like Yahoo for instance.

This is either a small time scammer creating throw away Yahoo addresses or somebody that has attempted to scam using his personal email. In any case the best course of action is to report him by contacting Yahoo directly. They'll usually close the account right away, chalk one up to the good guys.