Any email address, no matter how tightly guarded, is going to receive spam and fraudulent messages. But with a good spam filter and nose for fishy contacts, you can avoid these messages being any more than a nuisance.
Yet, fraudsters are employing increasingly sophisticated tools to confuse and defraud us right from our inboxes. But if you stay vigilant, you can avoid having your personal information and finances attacked. Here’s how to identify and handle suspicious emails.
Spot scam emails
Scammers don’t arrive in your inbox announcing their intent. Usually, they’re pretending to be companies you have legitimate dealings with, such as your bank, mobile phone provider or even the government.
But there are telltale signs that you’re dealing with an imposter.
- The email address doesn’t match the organisation’s website or any emails you’ve received from them before. Look out for dashes, misspellings, free mail addresses. For example, HMRC doesn't use a Hotmail account.
- The email doesn’t use your name but rather a generic address such as “Dear Customer.”
- The email contains spelling or grammatical errors.
- The email has a sense of urgency—for instance telling you to act now or your account will be closed. The email may also use threats and other scare tactics.
- The email requests your personal information, such as username, password or bank details. Legitimate organisations will never ask for these details in an email.
- You didn’t expect to receive an email from the organisation that claims to have sent it.
If in doubt about an email you’ve received, reach out to the organisation it claims to be from, using the contact information publicly listed on their website and not that contained in the email.
Don’t fall into scammers’ traps
Once you’ve identified a scam email;
- Don’t click on any links within it. If you do open a link, don’t enter any personal information into the website.
- Don’t respond to the sender, even to tell them to stop contacting you.
- Don’t open or download any attachments.
If you do fall for a scam email
If you unwittingly give a digital scammer access to your personal or financial information or lose money to a scam, take the following steps;
- Get in contact with relevant organisations and secure your accounts.
- Report any financial losses to your bank. In some cases you may be refunded under rules protecting consumers victimised by authorised push payment scams, also called bank transfer scams.
- Reset any passwords you believe scammers may have accessed.
- Report the fraud to Action Fraud, run by a police unit gathering intelligence about financially motivated cybercrime.
Report the scam
Once you’ve protected yourself from scam emails, you can help deter fraudsters and protect others by reporting any suspicious contacts to the authorities.
- Forward emails you suspect of being phishing attempts to the Suspicious Email Reporting Service (SERS) at firstname.lastname@example.org. The National Cyber Security Centre (NCSC) will analyse the email and websites it links to.
- If you've lost money to a scam, report it to Action Fraud.
Improve your security
You can also boost your internet security to ensure you don’t receive as many fraudulent emails and that the scammers sending them can’t hijack your accounts or devices.
- Use an email service with a good spam filter that can recognise and isolate scam messages so they don’t even appear in your main inbox. But be aware that no spam filter is foolproof and even approved emails can be nefarious.
- Keep your operating systems up to date.
- Install anti-virus software. But be warned: a lot of anti-virus software is itself disguised malware. Always go with a trusted antivirus security company such as McAfee or Norton.
- Contact your broadband provider to see which security software they recommend. If your current provider does not have a robust security policy, you can use usave to compare broadband deals and find one that does.