Email scams: simple mistakes that put us at risk

If your email is compromised then you are vulnerable… here are six mistakes that many people have made at some point.

lovemoney staff

Updated on 19 December 2023

It’s hard to remember a time when we didn’t use email for everything: work, socialising, shopping receipts, sharing photographs, sharing jokes.

Our email address logs us into our banks, our online shopping profiles, our dating websites and more. It’s almost as important to our online identity as our name is to our real-life identity.

Email has gone from being something so new that we had to remind people not to print them out unnecessarily, to being simply part of the digital infrastructure.

Yet, as with so many things, because we use it so often we take it for granted. And taking it for granted can be dangerous.

If someone hacks your email, they can potentially gain access to many of your online accounts.

They could apply for password resets and so gain access to your accounts, they could shop in your name, or they could email your friends and family to try to trick them into handing over cash.

On top of that, there are all the risks that come with receiving emails from fraudsters, whether they are simply begging letters for cash, phishing attempts designed to look like your bank or links from hacked friends.

So – email is essential, but risky.

Here are some of the simple mistakes people make.

Responding to suspicious emails 

You might feel sure that you’d smell a rat if you were told you’d won an international lottery despite not buying a ticket, but somewhere out there it’s likely there’s an email that you could fall for.

Perhaps you’ll find it slightly suspicious but enticing.

Perhaps it will come from a friend’s address but use very generic messaging. Perhaps it will be so obviously fake that you decide to reply to mock the sender.

It’s always worth taking a few moments to consider whether you really want to engage with an email.

Putting the text into a search engine can highlight if it’s a hacking attempt that’s already known about.

Just taking some time to really consider whether it’s suspicious can be the difference between falling for a scam and staying safe.

Clicking on links

You might know the sender, you might recognise the brand, it might even appear to be your bank or another trusted sender.

It might appear to contain a valuable offer such as a supermarket discount voucher that you have to claim immediately to qualify for.

Always, always hesitate before clicking on an emailed link. It will take just a few moments to use a search engine to check a link or find a correct one (don’t respond to adverts in search results, just to the definitely legitimate listings).

Not checking addresses

Scammers can send incredibly realistic emails. They can look just like they come from your bank or other online service, with all the same branding.

That’s why it’s so important to check email addresses rather than assume they’re genuine or quickly scan them. Often fraudsters will have realistic email addresses with, for example, one letter wrong.

A few moments spent checking an address carefully could be all it takes to keep your accounts and data safe.

Making payments without checking

Particularly cunning and horrible fraudsters have been known to hack or compromise business email addresses and identify when a payment is to be made – such as for a holiday, for building work, or even a large payment to a solicitor when buying a house.

They can then email their victim at the point of payment with their own bank details, meaning the payment is made into a criminal’s account. Often there is little that anyone can do and the victim is left hugely out of pocket.

Avoiding this kind of fraud can be difficult.

The best thing to do is test the account details by making a small payment, for example 11p, and then ring a number that you know is genuine, such as one from an official letter.

You can ask the recipient to confirm how much you have paid them and then know you’re connecting to the right account.

It’s worth the small extra effort when you consider the massive risk of losing a lump sum.

Failing to delete sensitive emails

If an email does contain sensitive data, such as financial details, then there is no need to leave it sitting in your account ready for anyone who succeeds in hacking you in the future.

When you receive an email that contains sensitive information, or details that could be used to trick you into providing fraudsters with sensitive information, it’s important to delete it.

Good email hygiene protects your future self from fraud.

Not spotting red flags

You can’t rely on phishing and fraudulent emails to be stuffed with typos that make them easy to spot. However, there are some things that should make you immediately question what you’ve been sent.

They include:

  • Requests for confidential information
  • Non-specific greetings like ‘dear customer’ or ‘beloved’
  • Poor spelling and grammar
  • Prominent link to a website
  • An unprofessional sense of urgency such as ‘act NOW to get your voucher’
  • Simply an unexpected email from an organisation you do not deal with
  • The entire text of the email is contained within an image rather than text. The image is often an embedded link to a fake website

And finally…

If your email address has already been compromised then it is essential you stop using it. Hackers trade compromised email addresses via the dark web for as little as £3 a time (check out our article on the value of your stolen data and logins).

So how can you know if your email address has been compromised so you can switch providers and start afresh?

After all, you can be as careful with your data as you like but if a company that holds it has been hacked then criminals may have it already.

Well, the good news is that there is a free resource that lets you check.

It’s called and you can very simply type in your email address and find out if it is on the radar of criminals and why – for example, it will tell you if it was compromised by specific data hacks.

Check your regular email address and, if you find your email has been compromised, then switch to a new address and take great care to keep that one as secure as possible.
