Our Blog page banner

How to spot an email phishing scam

We’ve all heard the horror stories – a friend or relative has received an email from a sender they thought they could trust, only to discover they’ve been tricked into giving away their money.

This type of hoax, known as phishing, involves a scammer posing as a legitimate business and convincing the victim to give out their personal details, send money, or download malicious software.

With scams becoming increasingly convincing, it’s often difficult to tell if an email is genuine.

The best precaution is to stay alert, and keep an eye out for the following indicators.

1) Poor spelling, grammar, and presentation

This is often the most obvious sign that an email is not genuine.

Legitimate companies have editors to check their emails before they are sent out, so it’s right to be suspicious if the message is riddled with typos and odd phrasing.

2) Generic greeting

If a scammer doesn’t know your name, they’ll try to disguise it with a non-specific opening.

The greeting might read something like ‘Hi’ or ‘Dear customer’, or they’ll use your email address in place of a name.

3) Posing as a popular brand

Most scam emails are created under the guise of a well-known, trusted brand.

The giveaway is often inconsistent branding, such as a false website URL or a low-quality logo.

One way to check a link is to hover over it without clicking, and see if it matches the text in the email.

4) Suspicious email address

The message might come with a trustworthy display name, but remember to look closer at the address it’s sent from.

Scammers often use free email addresses, such as Gmail or Yahoo, and try to disguise them as an official company email.

5) Threatening tone

Many phishing emails will do their best to convince you their request requires urgent attention.

This could mean a promise of rewards or deals, but it’s also common for scammers to employ scare tactics, claiming that you owe money, or your account could be deleted if you don’t act now.

Whatever the email demands, don’t be intimidated. Take the time to read it carefully, and don’t click on any links or attachments until you’re completely sure an email is legitimate.

Still not sure?

If in doubt, use information you know is reliable.

You could go to the company’s real website and log in there, to see if anything has changed in your account, or get in touch with them directly to ask if the message is genuine.

Don’t use any addresses or phone numbers from the email to do this. Instead, find the company’s official website using a search engine, and use the contact details they have provided.

If you have reason to believe you’ve been a victim of a scam, contact your bank or card issuer as soon as possible and report it to Action Fraud on 0300 123 2040.