The top tips for spotting and reporting scam emails

Scam emails are something we’ve all heard of. And annoyingly, it’s quite common that scam emails slide into your inbox. But many of us don’t know what they are exactly, and how to spot them.

That’s why we’ve written this useful guide, to talk you through how to spot scam emails in the first place, the different types and how to report scam emails once you’ve received them.

What is a scam email?

A scam email is when you are sent a bulk of emails, intending to trick you into giving someone your personal details. The sender will usually ask you to click on a link or download an attachment, which then discloses your private information.

Whether it’s a fake email from PayPal stating your account has been compromised, or a popular clothing brand pretending your transaction hasn’t gone through properly, scam emails can really throw you off guard. Especially since a lot of them seem legitimate.

The different types of scam emails

Scam emails come in many forms, but what are they? Knowing how to recognise each type means you’re more likely to spot them when they’re sent over to your email address. So, it’s definitely worth learning more about the different kinds.

These are the top three different scam emails:

1. Spam 

Spam emails are repetitive, unwelcome scam emails that are sent in bulk, directly to your email address. These are probably the most common type, and you’re more likely to have encountered these. Although not all spam emails have a malicious intent, in many countries they are actually illegal, because you never requested to receive them, and it can be seen as a form of harassment.

There are two different types of spam emails:

1. Spam emails that land in your inbox and are sent from the spammer themselves. Their intention is to try and sell their products to you or commit fraud by contacting you
2. Spam emails that are not from a person but a computer that has a virus, which then sends out a barrage of emails. This is often the most malicious type of spam email

2. Phishing

Phishing is a form of scam that tricks you into thinking you are being contacted by someone you know, to try and steal your personal information, passwords or other security details. For instance, the sender could be emailing you to access your account number for your bank, posing as Natwest by sending it from a fake Natwest email address.

We have a whole other blog post on what a phishing attack is and how to prevent it. So, if you want to find out about this type of scam email in more depth, read Phishing Attack article.

3. Business email compromise (BEC)

Spam emails are engulfed in trickery, and business email compromise (BEC) attacks are designed to make you think that the CEO of your company has emailed you.

It’s not often you’d be directly contacted by the CEO of the company, so when you do, you’re going to take note and want to reply. However, this could be a BEC spam attack, where someone is posing as the CEO of your company (or any other senior executive or colleague) to get money and vital, personal information from you.

It will usually be an email asking you to contact the finance department for a money transfer, sent from an email address that appears to be your official CEO. Usually, they will find your information through company websites and social media, sometimes guessing your email address and then succeeding in contacting you.

How to spot the latest email scams

We can’t promise you’ll never encounter email scams, but we can help you to avoid getting tangled up in one. Being able to spot the signs of scam emails from the get-go will help you to recognise an attack before it happens.

So, when you’ve got that gut feeling about a dubious email, look out for the following:

• The email domain name is misspelt or includes several symbols
• The message has been sent from a public email, like Yahoo or Gmail; an established organisation will never use one of these
• The email has grammatical errors and is poorly written, as this usually means it is sent from an unknown user from abroad, and not a known contact
• There are suspicious, and malicious-looking links and attachments included in the email. Think about it, would your bank really send this kind of information, for example?

What to do with scam emails

Unfortunately, scam emails will likely fall into your inbox at some stage. So, if you know what to do with scam emails before you receive them, then you can avoid getting into a difficult situation by accident.  

Here are our top tips when you receive scam emails:

• Double-check the contact email address to check the sender is legitimate
• Avoid clicking any links that are featured in the email
• Do not click or download any attachments sent in the email
• If you have clicked a link, stop there; do not add any information to the page provided
• Do not reply to the email or the contact who’s sent the email in any way

If you’ve already clicked a link a scammer has sent before realising it’s a scam, relating to your bank account or personal bank details, you need to contact your branch immediately. This will ensure they haven’t gotten access to your information/accounts.

How to report email scams

Reporting scam emails is easy when you know how. And once you’ve spotted a scam email, you must report it immediately – don’t ignore it, take action instead.

1. Contact Action Fraud

If you think you’ve been hacked or lost money because of an online scam email, contact Action Fraud immediately. You can do this by either setting up an account online (or signing up as a guest) and filling out your information. Or, if you’d prefer to speak to someone on the phone, simply call this number: 0300 123 2040.

2. Contact the government

Alternatively, if you’ve received an iffy email that you’re a little unsure about, you can forward it on to the Suspicious Email Reporting Service (SERS). This will not only help you but other people, as it stops them from being potentially targeted by an email scam, too.

Whether the message you’ve been sent is from an unknown company, someone you don’t know or an obvious scammer, simply forward your full email to report@phishing.gov.uk.

Once you’ve done this, the National Cyber Security Centre (NCSC) will review the suspect email, analyse the copy and the links included. Then, they’ll monitor any suspicious activity related to the email address.

If they do find any activity that they deem as malicious, they might do the following:

• Block the address the spam email came from, to prevent the user from having access to your email address/sending you any further messages
• Use your experience to raise awareness of commonly reported spam emails and their tactical methods of contacting victims
• Remove links to dangerous websites by collaborating with hosting companies

Now you know how to recognise, avoid and report email scams, you’ll be in a much better position if a message is sent to your email address. And make sure you read our other useful blog posts for further insights on safety and cybersecurity when you’re browsing online.