How to tell if an email is from a scammer

Cybercrime continues to pose a significant threat to the UK economy, exacting a staggering toll of £27 billion annually, and it’s expected to rise. Email scams are the most common type of cybercrime and they’re becoming increasingly complex and convincing. Even if an email comes from a company you know and looks legitimate, it could still be fake. This is why it’s important that you and your employees know how to tell if an email is from a scammer.  

Safeguarding against email scams has never been more critical for businesses. In this blog post, we outline eight quick and easy ways to spot a scam email and explain how you can protect your business. 

What is an email scam?

An email scam, also known as phishing, is a malicious attempt by criminals to steal data or sabotage your business. This is when you receive an unsolicited email disguised as an email from a legitimate, trustworthy source and you’re tricked into clicking on a bad link or downloading an attachment. 

Phishing scams can affect a business regardless of size, industry or location. You might be unlucky and get caught up in a mass campaign, or it could be a targeted attack against your company. It’s estimated that 3.4 billion scam emails are sent every day so it’s important that your team knows how to be vigilant.  

Eight quick and easy ways to spot a scam email

1. Check the sender’s email address

Is the email from a company you know? Does something about the sender’s address not seem right? If you suspect the email is a scam, then take your time and closely inspect the email address.  

Pay specific attention to the domain name (the part after the @ symbol). If the email has come from a domain that’s not affiliated with the apparent sender, then it’s likely a scam.  

It’s important to note that no legitimate company will send an email from a public domain such as ‘@yahoo.co.uk’ or ‘@gmail.com’. Most companies have their own business domain and email accounts for sending emails. For example, legitimate emails from PayPal would come from ‘@paypal.com’. 

Sometimes it can be trickier to spot a scam email. Criminals are clever and often masquerade as the brand they’re trying to impersonate. Watch out for email addresses that look very similar to the official ones. For example, ‘@ebay_h3lp.uk’ and ‘@dpd.delivery.org’. Check for extra punctuation and random letters or numbers hidden within the email address.  

If you’re unsure if an email address is genuine, it’s easy enough to check. Simply, refer to previous communication from the company or search the email address online to see if it’s valid. 

2. Be careful when clicking links

Think before you click. Scam emails usually contain bad links that are cleverly disguised. If you receive an email asking you to click on a link, it could potentially be an email scam. Examine the email carefully before clicking on anything. If the URL doesn’t match the context of the rest of the email, then it’s most likely an email scam. 

Sometimes email scams are more sophisticated and hide the destination URL within anchor text or buttons with calls to action such as ‘Claim now’, View here’, and ‘Register today’. You can easily identify a bad link by hovering over it with your mouse to reveal the destination URL.  

If the link looks legitimate, but you’re still unsure you can enter it into a link scanner such as Norton SafeWeb. Most importantly, follow your gut instinct. If the link looks suspicious, don’t click on it! 

3. Be cautious of suspicious attachments

Likewise, you should be wary of email attachments. Quite often scam emails contain an attachment that will infect your computer with malware (such as ransomware) if you open it. Malware is a type of malicious software that hackers use to damage, disrupt or gain unauthorised access to your computer system.  

Never open an email attachment unless you’re confident it’s legitimate. If you’re unsure, you can double check by contacting the company via other means such as a customer help number on their website.  

4. Check the branding

As we’ve already mentioned, scammers often try to impersonate well-known brands – and they’re getting better at it. One tell-tale sign you should still look out for is the presentation of the email. 

If you receive a suspicious email, make sure you check it for signs of poor-quality or inconsistent branding. Look at the quality of the logo and images used on the email – a genuine company would use high-resolution images so they shouldn’t be pixilated. It’s also worth visiting the company’s official website to check that the logos, fonts and colours used on the email match the site’s branding.  

5. Keep an eye out for typos and poor grammar

Sometimes it pays off to act like the grammar police. Large companies are unlikely to send out emails with sloppy spelling and grammar. If you receive an email that’s full of mistakes and doesn’t make sense, it could potentially be a scam email.  

Unfortunately, it’s too easy to miss these errors when you quickly scan through your inbox. If you receive a suspicious email, take a minute and scrutinise it for poor spelling and grammar. 

6. Be wary of requests for personal information

Legitimate companies rarely ask for personal or financial information via email. If you receive such a request, contact the company directly through a trusted channel to verify. 

7. Are they rushing you?

Fraudsters want you to act quickly before the penny drops and you realise it’s a scam. This is why scam emails often use ‘scare’ tactics where they create a sense of urgency by telling you to act now or miss out on ‘exclusive’ deals.  

Don’t let your guard down. Take your time and look for other clues mentioned in this blog post. The longer you think about it, the more likely you’ll notice more things that don’t seem right.  

8. Is it too good to be true?

If it’s too good to be true, then it probably is. For example, a common mass targeted fraud to be wary of is the fake prize scam, where you’ll receive an email saying you’ve won a prize like an iPad or new car. But there’s a catch…you need to register your details, and you only have one hour to do so, or you’ll miss out. 

What happens if you open a scam email?

Nothing. If all you do is open a scam email without interacting with it, then you’re pretty safe. However, you’re not completely out of the woods. The hacker can still gather information about you such as your IP address and location. This information can then be used for future, more sophisticated cyberattacks. Next time an email hits your inbox, don’t rush to open it without checking it first to see if it looks like a scam. 

What should you do if you open a scam email and interact with it?

Mistakes happen. If you open an email and interact with it, then realise later it was a scam, make sure you take the following steps: 

1. Disconnect your internet

Disconnect your desktop computer or mobile device from the internet immediately. This will stop hackers from stealing your data because it’s unlikely that the malware will be able to send the data without an internet connection. 

2. Scan your device for malware and viruses

Use anti-virus software such as Trend Micro to scan your device for malware or viruses. The software will search every nook and cranny, and quarantine any malicious threats that it finds.  

3. Change your passwords

Change your passwords immediately, and make sure you create a strong password that will take longer to crack. Ideally, your password should be 10 or more characters long and contain at least one uppercase letter, number and symbol.  

4. Secure your online accounts

As well as setting up strong passwords you should consider setting up Two-Factor Authentication (2FA) for extra security. 2FA means you’ll need to provide extra information to gain access to your accounts. This information will fall into one of three categories: 

• Knowledge (something you know) — e.g. a passcode or the answer to a security question such as mother’s maiden name. 
• Possession (something you have) — e.g. a one-time verification passcode you get by text, email or from an authenticator app. 
• Inherence (something you are) — e.g. a biometric such as a fingerprint scan or voice recognition.  

5. Report the scam

If you receive a scam email, you can report it to National Cyber Security Centre (NCSC). Simply, send a screenshot or forward the email to [email protected].  

The NSC is a government agency that has the power to investigate and take down scam addresses and websites. By reporting the suspicious email, you can reduce the amount of scam emails you receive and help protect others from cybercrime. Once you’ve reported the scam email, you should delete it from your inbox and communicate it across the business so no one else falls victim of the same scam.  

How to handle staff who fall for phishing emails

According to Cyber News, one in three employees will fall prey to phishing emails. We’re only human and mistakes will happen, but falling for an email scam can be costly and land companies in big trouble.  

Carrying out regular phishing simulations can help you understand your risk level. It’s also a great way for your employees to learn how to spot a phishing email in their own mailboxes. 

If an employee continually fails your cyber security tests, assess the risk before deciding what action to take. Collaborate with your HR team and answer these questions: 

• Do they have access to sensitive data? 
• Can they access funds? 
• If they click on a real phishing link – what’s the worst that can happen? 
• If they download malware – how would it affect the rest of the business? 
• Could they benefit from additional training? 

It’s important that employees feel that they can report potential breaches to your IT team. Focus on creating an open culture where people don’t feel reluctant to report any suspicious emails they may have interacted with.

Final thoughts

Billions of scam emails are sent every day. This poses a major risk for businesses so it’s important that your team knows how to tell if an email is from a scammer. Investing in cyber security and awareness training for your employees is a good place to start. Get in touch for more information about the cyber security services we offer.