How to spot an email scam

Follow our top tips to avoid email scams and safeguard yourself from fraudsters trying to steal your personal information and bank details.
Which? Editorial team

What is an email scam?

Email scams, also known as 'phishing' scams, have become increasingly common as fraudsters come up with new ways to try and steal your personal information and bank details.

These scams often involve a fraudster sending you an email purporting to be from a well-known brand or retailer. When you click on a link in the email, you'll be sent to a spoofed website where you're asked to enter your personal information. If you do this, you'll be handing your details to the scammer.

In some instances, scam emails contain malicious software which can infect your computer, tablet or mobile phone with a virus. If you suspect an email might be from a scammer, don't click on any links or download any attachments. Stay security-savvy and ensure your antivirus software is always up to date, as this will provide an extra layer of protection.


How to spot an email scam

Email scams can be incredibly tricky to spot.

See the example below of an email scam impersonating HMRC. The scammer uses HMRC branding, and is convincing enough to catch people out. 

HMRC scam emails (images available at https://www.which.co.uk/consumer-rights/advice/how-to-spot-an-email-scam-au5Lt0O3EgcP)

But there are clues to spotting this scam:

  • The greeting isn't personalised - it addresses the recipient as a 'customer'
  • There are some basic grammatical errors, such as random capitalised words and full stops
  • Investigating the links in the email shows that the website address differs from that of the official HMRC website

Follow our top tips to spot and avoid falling for an email scam.

1. Check the sender's email address

A scam email will usually come from an unrecognisable email address. This may consist of random numbers, letters or words that have nothing to do with the organisation the scammer is impersonating.

To find out if there’s a fraudster behind what appears to be a genuine email, hover your cursor over or right-click on the sender's name and you should be able to view the email address behind it.

2. Is the greeting impersonal?

Some email scams include your name in the first line of the message. However, not all do.

Sometimes scam emails will just say “Hi” and not include a name, or your email address will be used after “Hi”. This impersonal approach is a sign that it’s likely to be a scammer behind the email.

3. Check contact information and dates

Hover your cursor over anywhere you'd usually expect there to be a link in the email.

For example, check the bottom of the email for 'contact us' buttons or links to terms and conditions. 

By hovering your cursor over any links, you can see the URL they'll send you to without clicking on them.

It's also worth checking whether any dates in the email are correct. Often scammers will forget this detail.

4. Check the branding

Take a look at the quality of any logos in the email. For example, if the images are pixelated, this can strongly indicate that the email is a scam.

Compare the branding in the email to the company's genuine website or any genuine emails you've received from the company in the past. 

5. Check if the linked website is legitimate

If you've clicked through to a website from an email thinking it is genuine, double-check the authenticity of the website before entering any details. 

The domain information checker Who.is will show you when the website was created. If the site was created recently, it's likely to be dodgy.

If it’s a big brand or company being impersonated, open a new tab and visit its genuine website to compare the URLs.

If you haven't yet clicked a link but are being asked to do so in order to access a message on your account, avoid the temptation to act quickly.

Instead, navigate to the company's website to log in to your account. If no message or alert is present, you'll know the email is dodgy.

6. Is the email asking for personal information or bank details?

If an email asks you to update or re-enter your personal information or bank details out of the blue, it is likely to be a scam.

Most companies will never ask for personal information via email.

7. Does it have poor spelling, grammar and presentation?

Scammers are getting better at presenting phishing emails that are more or less free of poor spelling and grammar - but you should still watch out for these tell-tale signs.

You might also notice a lack of consistency with the presentation of the email, which may include several different font styles and sizes and a mishmash of logos.

8. Is it trying hard to be 'official'?

Scammers often try hard to make a dodgy email sound official. They will do this in a number of ways, including by using the word ‘official’.

You are unlikely to see the messaging in a truly official email shouting about how official it is.

Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.

9. Is it trying to rush you?

Fraudsters will try to pressure you with time-sensitive offers, encouraging you to act now or miss out on ‘exclusive’ deals.

Take your time to make all the checks you need. If the message regards an account you have with the company, organisation or retailer, you should log in separately to your account in a new tab or window.

It’s better to miss out on a genuine deal than risk compromising your personal details.

10. Check with company, brand or department

If you’re still unsure whether a scammer is behind the email you received, get in touch with the brand or company featured in your email directly via social media or its 'contact us' page.

Check the brand or company's help and customer services pages. Big companies are sometimes aware of scams and publish advice for customers on what to watch out for.

Reporting email scams

You can report email scams by forwarding the email to report@phishing.gov.uk 

You can also report emails to your email provider - select ‘Report Spam’ on Gmail or the ‘Report phishing’ button on Hotmail, and send scam emails to abuse@yahoo.com if you use a Yahoo account.
