Skip to main content Skip to footer

How to spot a scam email

A man in a ghost mask sending a scam email
Not everyone is who they say they are online.

Email is a wonderful invention that it allows us to communicate with people across the world without needing to pay for postage or long-distance phone rates. You can keep in touch with friends and family who might be too busy to return a phone call, and you can get in touch with most organisations, businesses, and services via email nowadays.

But just like with the post and the phone-lines that came before, there are scammers and fraudsters who will use this method of communication to try and steal from you.  They attempt to get you to hand over personal information from them, which they may use to fake your identity for fraudulent purposes, or even try to steal directly from your bank accounts. This is called “phishing” (fishing), as they will try to bait you into getting on their hooks.

Luckily you can almost always see through these scams with just a little bit of vigilance and diligence.  In this short blogpost we’re going to highlight some of the methods you can use to see through these ruses.

Are you expecting this email?

Unexpected emails and social media messages should raise suspicion. Be aware of emails claiming to be from online shopping sites, subscription services and banks, and be especially wary of emails from banks where you don’t even hold an account. If in doubt, contact the organisation directly.

Have you been asked to share personal details?

Never share your personal details with anyone if you can't confirm their identity. Banks and other businesses will almost never ask you to disclose personal details over email unless it’s a follow-up to an issue you’ve raised yourself. It’s very unusual for legitimate organisations to contact you and ask for sensitive information if you’re not expecting them to. If in doubt, contact them directly in whatever manner you would normally rather than through the email you just received.

Are the contact details legitimate?

The name on the top of the email may look correct, but people can use any name they want for their emails. Make sure you check the email address itself. Additionally, check who else the email was sent to. If it was sent to a large group of people with similar names or email addresses to your own, chances are it’s a mass-email scam.  The more emails scammers send out, the more likely it is someone will respond, so they send phishing emails to as many people as possible.

Have you been sent any links?

While a link in an email may say it will direct you to a certain page on a company website, this is just as easy to fake as the emailer’s name. However, there is a way to check them safely.  Hover your mouse cursor over links to double-check where they will send you. The address the link will send you will appear either over the cursor or at the bottom of your screen. While checking links in an email this way, be extremely careful not to accidentally click on them. Make sure your security software is up to date just in case and set it to update itself regularly if you can.

Have you been sent any attachments?

The email may include a file. This is usually indicated by a little paperclip icon, which shows you that a file has been attached. Do not open any attached files or documents if you’re not expecting any as it could be “malware”, MALicious softWARE designed to give hackers a way to use your computer remotely. Even if the attached file is something like an image file or a document, do not open it! Malware can be embedded in seemingly innocuous filetypes. As we mentioned earlier, make sure your security software and antivirus programs are properly installed, updated, and activated.

Is the email professional?

Check the little details. You can often catch out scam emails due to their sloppy presentation. Look over the email carefully. Is the spelling and grammar full of mistakes? Is the corporate branding for the company or organisation the email claims to be from correct and well-presented? Are the copyright dates at the bottom of the email out of date? These are all minor things to notice but they are often the signs of fraudulent email, as most reputable organisations would be extremely careful about sending out unprofessional emails.

Are you being pressured?

A lot of scams try to catch you off-guard by claiming to be urgent and time sensitive. They may claim to be from an authority such as the police or HMRC. Some may even threaten you or try to extort you by claiming to have incriminating or embarrassing information about you.  Occasionally the email may include your password to "prove" that it is legitimate. If this is the case, the important thing to do is to stay calm. These threats and claims are almost always lies, and the scammer wants you to panic and respond to them without thinking things through. Keep your cool and analyse the email carefully before you do anything. If the email does include your password as proof, immediately change it, and make sure you're not using the password on any other websites. You should use a different password for each website, ideally. If the email claims to be from the police, HMRC or some other authority, contact them directly and report this to them. They will want to know about fraudulent emails sent in their names. Finally, if you've been threatened with the release of sensitive or embarrassing information and images, think rationally about the situation. If the person emailing you actually had something like that, they would show to you it as proof. This is a bluff designed to put you off-balance and act without thinking things through. Do not fall for it, and certainly don't follow any of the demands.

If you’ve read through this guidance and you think an email is a scam, most email services will have the option to report it to them. Check the options available to you in the email and look for one that says “Report as phishing scam” or something along those lines. The phrasing may differ between providers, but these days phishing scams are so common that almost all providers have options for dealing with them. If not, simply delete the email or move it to your spam folder.

All these things to check for may sound like a lot to worry about, but it really isn’t. Just stay vigilant and don’t be too trusting of unexpected emails, and soon looking for these signs of a scam will become second nature to you.

Cookie notice

Find out more about how this website uses cookies to enhance your browsing experience.