Thu. Nov 13th, 2025

How I Spotted a Fake PDF Invoice Scam — And How You Can Too

The email looked almost convincing at first glance. Subject line: “Payment notice.” Attached: a PDF file bearing a well-known company logo. But as someone who regularly reports on tech and fraud, I knew something didn’t sit right — and I decided to investigate.

What I discovered is a textbook example of a modern email scam, and a reminder that anyone can be a target.

Here’s how I knew it was a scam — and what to watch for:

Red Flags from the Start

The email came from someone named “Dokuro,” a name I didn’t recognize and certainly had no pending business with. That alone was enough to raise suspicion. The sender’s email address was a random Gmail account — something no legitimate business would ever use to send invoices.

Even more suspicious: there was no message in the body of the email. Just the attachment. No context, no greeting — nothing. Just a PDF file preview showing a McAfee logo.

When Branding Looks Real — But Isn’t

At first glance, the attachment could fool a McAfee customer. But even perfect branding means nothing if the message comes from an unofficial source. That’s why I followed my own rule: go straight to the source.

I opened a new browser window, searched for McAfee’s official website, and found their support line. An automated message said: “If you are worried about a potential email scam, forward it to scam@mcafee.com.”

A representative quickly confirmed my suspicion — the email was fake. “We will never send emails from Gmail accounts,” they said.

A Second Opinion from an Expert

To dig deeper, I contacted Dr. Abbas Yazdinejad, a postdoctoral researcher at the University of Toronto whose work focuses on AI and threat detection. He immediately noted the PDF filename was randomly generated — another hallmark of scam attempts.

Dr. Yazdinejad explained that AI is now helping scammers craft incredibly convincing emails and attachments — complete with authentic-looking branding, perfect grammar, and embedded links. The danger? Many of these PDFs don’t contain obvious malware. Instead, they hide malicious links that activate only when clicked.

How Scammers Dodge Security Filters

Modern scammers are also using AI to test their fake emails against antivirus software and spam filters. They exploit weaknesses by disguising harmful code or burying links within images or PDFs. This explains how a scam like this one slipped past my inbox’s security systems.

How to Stay Safe

Here are a few practical steps to help you spot and stop email scams:

  • Check the sender’s email address. Official communications don’t come from Gmail or Yahoo accounts.
  • Be wary of vague subject lines like “Payment notice” or “Urgent invoice” with no context.
  • Don’t trust attachments without a message. Legitimate businesses will explain what they’re sending.
  • Hover before you click. Place your mouse over any link to preview the destination URL before opening it.
  • When in doubt, go directly to the source. Don’t reply or click. Visit the official website or call customer service.
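
As an added example (not code from this article or from McAfee), the checks above can be expressed as a small triage script that reads one raw email and lists which of the red flags apply. The freemail and subject lists, the random-filename heuristic, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed lists for illustration; extend them for your own mail flow.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
VAGUE_SUBJECTS = {"payment notice", "urgent invoice"}

def looks_random(filename):
    """Heuristic: 8+ char stem mixing letters and digits, with few vowels."""
    stem = filename.rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 8 or not letters or not any(c.isdigit() for c in stem):
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.25

def red_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain in FREEMAIL:
        flags.append("freemail_sender")
    if str(msg.get("Subject", "")).strip().lower() in VAGUE_SUBJECTS:
        flags.append("vague_subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if not re.sub(r"<[^>]+>|\s", "", text):  # nothing left after tags/whitespace
        flags.append("empty_body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".pdf") and looks_random(name):
            flags.append("random_pdf_filename")
    return flags

# Constructed sample message (not the email described in the article).
SAMPLE = """\
From: Dokuro <placeholder@gmail.com>
Subject: Payment notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="x7k2qpz91tb4.pdf"

--b1--
"""
```

Calling red_flags(SAMPLE) reports all four flags. A flag is a reason to verify with the real company before opening anything, not proof of fraud on its own.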

Scammers are getting smarter — but so can we. Recognizing the signs, staying skeptical, and verifying before engaging are your best tools for staying protected.

Next time an unexpected invoice lands in your inbox, take a pause. It might just be the start of a scam.
