How to protect yourself from scam emails

Post published: 05/04/2019

A guide to protecting yourself online.


This guide is designed to give you a quick reference point for scam email signs, so you can be confident in your own ability to sniff out when something is wrong.

Scam emails are designed to trick you, and unfortunately some are really good at it! They can use company logos and official email headers to pose as a trusted source such as your bank, and other organisations that you have online accounts for.

Common Signs It’s A Scam

•  The sender’s email address may be different from the trusted organisation’s website address, even if only slightly. The email may be sent from a completely different address or a free webmail address.

•  The email might use a generic greeting such as “Dear Valued Customer.”

•  There is an urgent call to action, such as: ‘unless you act immediately your account may be closed’, ‘your account has been suspended’ or ‘your account had an “unauthorised login attempt”’.

•  A prominent website link. These can look very similar to the correct company address.

•  A request for personal details such as usernames, passwords, phone numbers or bank details.

•  You’re not expecting an email from the ‘trusted source’ that the email appears to be from, or they appear to be asking something unusual of you. You can always check directly with the organisation to be sure.

•  The entire text of the email may be contained within an image, which can contain an embedded link.

•  Spelling, grammar and syntax errors.

•  Lack of details about the sender, or how you can contact the company.

7 Safe Email Practices

1. Check if it is a known scam.

If you are suspicious of an email (for any of the reasons we’ve listed, or if it just doesn’t seem right), you can check if it is on a list of known spam and scam emails. McAfee and Symantec feature spam and scam email lists on their websites.

2. Don’t trust the display name of the sender.

A common tactic is to use a hoax display name, usually one that is similar to a source you would trust. Most inboxes only show the display name of a delivered email, not the full email address. Always check the full email address.

3. Double check the links (without clicking them!).

Hover your mouse over any links to preview the URL (it will either appear next to your cursor, or in the bottom left corner of your screen). Beware if the web address looks strange, or doesn’t match what the email says it is. If you want to test the link, open a new window and type in the URL manually rather than clicking on the link directly from your email.

4. Don’t give out personal information.

Legitimate banks and most other companies will never ask for personal credentials via email, especially not without consulting you via telephone or in person first.

5. Don’t open attachments, or reply to emails from an unknown source.

If you suspect the email might be a scam, don’t open any attachments. They can contain viruses and malware, which can damage files on your computer, or steal information. Also be wary of fake ‘remove’ or ‘exit’ buttons/links that can contain links to dodgy websites.

6. Be skeptical.

Just because an email has convincing brand logos, headers, appropriate language, and a seemingly valid email address, does not mean that it’s legitimate.

7. Use Spam Filters.

Make sure your email accounts and internet security packages have the spam filter activated and that it remains switched on. A spam filter won’t be able to protect against everything, but it is at least a first line of defence. Also make sure to check junk mail folders regularly, just in case a legitimate email ends up there by mistake.


For more information on scam emails:

https://www.scamwatch.gov.au/get-help/protect-yourself-from-scams