Identifying Illegitimate Email Links
Malware spreads via links disguised in legitimate-looking emails. Learn how to determine if the links in your emails are safe before clicking on them.
You should be wary of links you receive in emails, especially if the email was unsolicited. There are several things you can do to determine the legitimacy of the email without clicking the link (often, if the link is malicious, just clicking the link is enough to install the malware on your computer).
Note: While this article uses an email claiming to be from eFax as an example, the process for discerning if a link is legitimate can be applied to any email that you receive. There have been similar scams involving emails claiming to be from Microsoft, USPS, and other legitimate groups.
I. Check for "Warning Flags" in the Email
Illegitimate emails usually have at least one of the following:
- Spelling/grammatical errors in the body text of the email
- Long, alphabetical lists in the "To:" field
- Or nothing in the "To:" field
- Vague "Subject" line
- Missing salutation ("Hello", "Good afternoon", etc.)
- Sense of urgency (e.g., "This link will expire in 24 hours")
An email with these characteristics is suspicious and should be treated with caution (don't click on links or open attachments).
II. Check Links for Legitimacy
If a suspicious email contains a link, you can verify its legitimacy. Move your cursor over the link without clicking it and hold it there for a few seconds; the destination of the link will pop up. A link that appears to go to one location but actually links to another is a big red flag.
In the example below, the link text reads "http://www.efax.com/fax..." and it appears to be legitimate, but when the cursor is hovered over it, we can see that it actually links to "http://slash.ma/efax_7132159010.doc". Always check the destination of links before clicking on them.
To try and appear legitimate, these emails will often include links to valid pages. In the example below, the email does include a link to a help page on the legitimate eFax website. A fraudulent email may contain legitimate links, so be cautious.
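The hover check described above can also be run over an email's HTML body. The following is an added example, not part of the original article: it lists links whose visible text names one host while the underlying href points to another. The sample body is constructed from the eFax example, and the help-page URL in it is an assumed placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Return the lower-case hostname of a URL, or None if it has none."""
    if "://" not in url:
        url = "http://" + url  # visible text such as "www.efax.com/fax"
    return urlsplit(url).hostname

def mismatched_links(html_body):
    """Return links whose visible text names one host but whose href goes to another."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for text, href in parser.links:
        looks_like_url = text.lower().startswith(("http://", "https://", "www."))
        if looks_like_url and host_of(text) != host_of(href):
            flagged.append((text, href))
    return flagged

# Constructed sample body modelled on the eFax example in this article;
# the help-page path is an assumed placeholder.
SAMPLE = (
    '<p>You have a fax: <a href="http://slash.ma/efax_7132159010.doc">'
    'http://www.efax.com/fax...</a></p>'
    '<p>Need help? <a href="http://www.efax.com/help">http://www.efax.com/help</a></p>'
)
```

Calling `mismatched_links(SAMPLE)` flags only the fax link; the legitimate help link passes, which is why one clean link says nothing about the rest of the email. Link text that is not itself a URL (such as "Click here") is not flagged by this check and still needs the manual hover.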
III. Check Phone Numbers for Legitimacy
Some fraudulent emails (especially those claiming to be from eFax or eVoicemail) will contain a phone number. Just as we analyzed the link without clicking it, we will check the phone number without calling it.
- Go to http://www.whitepages.com/
- Click on Reverse Phone Lookup
- Enter the number
- A strange/unexpected location is a red flag
IV. Scan the Links
VirusTotal is an online service that can be used to verify the legitimacy of links. To scan a link:
- Go to https://www.virustotal.com/
- Click URL
- Enter the destination of the link
- You have to manually type in the link (do NOT copy and paste from the email). As in the example above, the link appears to go to an eFax page, but it really goes to a slash.ma page; copying and pasting the link from the email would cause VirusTotal to analyze the legitimate eFax page rather than the actual destination of the link
- Click Scan It
- Detection ratio: this number indicates how many vendors recognize it as malicious - a legitimate site should have a score of 0
- If your link has a score of 0, click "Reanalyze" to confirm that the site is legitimate
- Analysis dates: if the email claims to link to something personal (as in this example, a fax), then there should be no "last analyzed" date, as your link would be unique
V. Scan the Download
While on the same VirusTotal page, click on download file analysis. This will open a similar-looking page; however, this page lists which (if any) antivirus products have detected the file as malicious. If your file has ANY malicious results, DO NOT download it.
The Email is Fraudulent, What Now?
In this example, the email is not legitimate and downloading the fraudulent fax would result in a virus infection. If you find that you've received an email that's fraudulent, you should mark it as spam - this will help to improve Google's filters. As a precaution, you should empty your spam folder after marking the email as spam.