Email scams: how to avoid email fraud and stay safe online

Email scams can affect us all, with email accounts inundated every day with spam and phishing attempts.

The best way to stay safe when sending and receiving email is to remain sceptical and stay cautious.

Steps we can take to protect ourselves and our computers include avoiding opening attachments and ignoring email from people we don't know.

If we do open an email, there are often plenty of tell-tale signs to signal we're looking at a scam, from the sender information down to the branding of the email.

How to stay safe when using email

The latest data from Statista shows 306.4 billion emails were sent and received every day in 2020. That figure is expected to rise to over 361.6 billion daily emails by 2024.

While we often hear people proclaiming email is dead, these figures show otherwise, so it's important for us all to be vigilant when checking our inboxes.

Scam emails can be a way of hoodwinking us into sharing personal information with fraudsters, potentially leading to fraud or identity theft.

Older people who are being encouraged to get online and the digitally excluded who are being pushed by modern life to get online may be at particular risk of falling for these scams, although all us can fall victim to an email scam if we're not paying full attention.

Here are our top tips for staying safe when using email:

1. Don't open email from unknown senders

Most of the genuine emails we receive will be from names we recognise, whether those are names of family members, friends, companies we've shopped with or charities we've supported in the past.

The first red flag for a suspicious email is if the sender is unknown to the recipient. Of course, some emails from strangers will be welcome, but treat unknown senders with caution.

As well as unknown email addresses and sender names, the subject lines of some emails will immediately look unusual.

There's more information on how to spot suspicious email address and subject lines later in this guide.

2. Don't open unexpected attachments

Email attachments are a primary source of viruses and malware, so the best thing we can do is simply ignore attachments unless we're certain they're legitimate.

These are instances where attachments may be genuine:

When a friend has told us that they will send us a document or image
When a company is sending a regular or expected bill or receipt
When an organisation is sending an expected newsletter or brochure

The key point here is whether an attachment is expected or not.

Even emails from genuine friends may include dangerous attachments if their account has been hacked or compromised. Don't assume that just because the sender is known to you, the attachment is safe.

If in doubt, don't open it.

3. Don't click on links within emails

Links are another common way of directing users to websites where their details may be stolen or malware installed on their computers.

Many legitimate companies are at pains to ensure customers know their emails are genuine. So, while they may include links within the emails, there's always a way of finding the information linked to by going directly to the website instead.

Extra tip: Always open a browser window and visit a company's website directly rather than following any link within the email that purports to go to their website. Even links in the footers of emails can be suspicious.

If a link is within an email sent by a friend or family member, we should ask ourselves whether that person normally sends us links and whether the email as a whole looks legitimate.

Again: if in doubt, don't click.

4. Use the spam folder

Every email service provides a spam folder where unwanted and potentially malicious emails can be moved to or are automatically sent.

If we receive an email that we've concluded isn't legitimate, moving it to the spam folder will help to prevent future emails from that sender from making it into our inboxes in the future.

Spam filters also learn from our previous actions. So, if we've moved an email with a subject line that says, "Greetings, did you receive my prior email", into the spam folder, the system may choose to send future emails with those suspicious subject lines straight to spam.

It works for email addresses too, so if we're being harassed by a particularly persistent spammer, moving their emails into the spam folder will stop them appearing in our inbox.

5. Use antivirus software

Installing a reputable piece of antivirus software on our computers and other devices can help prevent viruses from emails making it onto our computers.

Antivirus software doesn't have to be expensive. Here are some free or cheap options:

Microsoft Defender Antivirus
Kaspersky Security Cloud Free
AVG Antivirus Free
Avast Free Antivirus
Panda Free Antivirus

These antivirus tools will usually scan email attachments for viruses, providing a useful extra layer of protection when opening genuine images and documents.

6. Be cautious when using open wi-fi

Wi-fi hotspots and public wi-fi are great to help us get online, but they can come with security risks.

To protect our email accounts, we should avoid signing into them via unsecured wi-fi, just in case anyone nearby decides to hack into our account and access our personal information.

7. Avoid sending sensitive information over email

Even if we trust the person we're sending an email to, remember that we lose control over the contents of the email as soon as we hit send.

That's why including sensitive or personal information in the contents of an email can be risky. If the person we send the email to has their account hacked or isn't as tech-savvy as they could be, that sensitive email we've sent them with bank details or passwords in could easily land in the laps of scammers.

Treat every email as a potential security breach and think twice before including any sensitive information.

8. Keep passwords secure

Strong passwords are a strong line of defence against hackers, and our email account password should be the strongest of the bunch because it potentially allows access to so much more information.

If we access our email accounts on public computers such as those at libraries, we should regularly change the passwords just in case. These public computers are more vulnerable because of the sheer number of people who use them, so get into the habit of changing passwords for security's sake.

A quality password is one that can't be guessed easily by anyone else. Stay away from names of family members, birthdays, favourite foods and anything that someone with information about you could use to access your accounts.

How to spot email scams

Every time we're faced with an email, we should be looking out for the tell-tale signs of a scam.

Even if the email purports to be from a friend or a company we're familiar with, there's still a chance they aren't the ones who have sent it.

So, keep your eyes open for these six signs of a scam email.

1. Unusual sender information

Looking closely at the sender information of an email can immediately tell us whether an email is suspicious or not.

As we've already mentioned, if we don't know the sender of an email, we should always be cautious about opening it at all, but what if we think we know the sender?

There are a couple of crucial things to check about the sender:

Does the name on the email match the name in the "from" address? Scammers will often change the name to something more likely to be opened such as "Jane Smith" or "Ben Jones", but the details in the actual address the email was sent from may include random numbers and characters or even a different name entirely.
Does an email from a company come from a strange address? Scammers may match a legitimate email address almost entirely apart from an extra couple of letters in the name or an unexpected international domain name like .in or ng.

Often, the email address of the sender can be found in the email header. Depending on the email client you use, you may have to hover or right-click on the name of the sender to see the email address behind it.

2. Unusual or impersonal greeting

One common sign of a scam email purporting to be from a company comes when they don't use our names in the greeting or first line.

Watch out for:

"Hi" or "Greetings" with no name afterwards
Email address used in place of a name

These speculative emails are barely even trying to look legitimate, but, increasingly, scammers are making use of our personal information to include our actual name in the email greeting.

If that is the case, we need to carefully examine the rest of the email rather than just accept it's from a genuine sender.

3. Branding isn't quite right

Scammers will try and mimic the branding of a reputable company like Netflix or Tesco, but they don't always get it right.

Watch out for:

Poor quality logo
Outdated logo
Logo placed in odd position on email
Colour branding of the email doesn't match the logo

If in doubt, check the last legitimate email received from the company and see if the branding matches.

4. Poor spelling, grammar and style

Poor presentation used to be a sure-fire way of spotting an email scam, although scammers are getting better at how their emails look and sound.

Even so, keep an eye out for:

Spelling mistakes
Commas in unusual places
Poor use of full stops and capital letters
Multiple font styles and sizes
Multiple logos

Remember, genuine companies put a lot of effort (and money) into making sure their emails look and sound professional. The odd typo might sneak through, but anything more than that points to a fake email.

5. Requesting personal information

Any email asking for personal information without warning is likely to be a scam.

Genuine companies will never ask for personal information to be relayed over email and, if the email asks for us to click through to a website and enter personal details there, we should always visit the known website of the company by typing it directly into the search bar rather than clicking any links (as discussed above).

Never reply to an email with information such as:

Bank details
Credit card details
PIN numbers
Passwords
Answers to security questions

Plus, ignore any requests for seemingly innocuous information such as the name of your first school or confirmation of the street you live on. These can all be used to build up a picture and create more convincing scams against you in the future.

6. Making threats or pressing for action

If an email is putting us under pressure to take an action quickly or threatening that, if we don't do what they want, something bad will happen.

Emails from genuine companies will never make threats or put us under pressure to make a decision quickly.

They may legitimately point to a limited time offer or point out that our account needs some action taking, but it will all be done in a professional manner and won't request we send money via an email address or other unusual payment method.

Crucially, if we go to the company's website and log in to our account that way (or contact them through a known email address or live chat function), we'll be able to see any genuine offers or information there.

As we saw at the height of the Payment Protection Insurance (PPI) scandal, companies sending speculative emails can sometimes come across as pressurising or even threatening, even if they're offering a genuine service.

If you do need that service, going with a company that doesn't deal in scare tactics can help both now and in the future when they may send more emails pushing other services.

Conclusion: stay vigilant

Scammers thrive on the fact that we're all busy and that we sometimes don't pay complete attention to the small tell-tale signs which show an email is suspicious.

If in doubt about any email, the best option is to delete it immediately. We need to be absolutely certain that an email is genuine, or we may be putting our computers at risk or even our bank accounts.

Remember our seven tips to avoid being hoodwinked by a scam email: