Email Scams

The most common type of email scam is known as phishing, where the scammer tries to obtain personal information using illicit emails or a website. These emails are designed to look professional by using both the official logos and the format of the organisation they are impersonating. By clicking a link in the email you will be taken to a website that looks ‘genuine’ and may have only a slightly different URL.

What do these emails normally look like?

  • Emails posing as an official government department, such as HMRC or DVLA. These scams range from offers of a tax refund, to threats of fixed penalty fines.
  • CEO/Business Email Compromise (BEC) scams. These emails pose as a senior ranking person in the company, usually the CEO, and request an urgent same-day payment. The email usually targets a staff member in the finance or accounting team and is sent to trick the recipient into paying a fake invoice or making an unapproved transfer. The language of the email will be familiar, and an excuse will be given as to why they are emailing, with a promise that an explanation will be given at a later point.
  • Overseas Lottery Scams, where the recipient receives an unexpected official email from an international agency, which reports the winning of a large lottery prize. The ‘winner’ ‘is chosen at random’ or by ‘government approval’. To claim the prize the ‘winner’ may be asked to provide bank account details or send a small ‘handling’ fee.
  • ‘Complete a survey’ scams. The recipient will be contacted by email and asked to fill in a survey to win a prize.
  • Online banking or credit card scams. Here, an email apparently from the recipient’s bank states their account has been hacked, or there has been suspicious activity or login attempts; they are then asked to ‘verify their identity’. The recipient may also be asked to make a ‘test payment’ or to ‘move money’ to a new safe holding account. BUT banks will NEVER email to ask anyone to move money nor to change their PIN.
  • ‘PayPal’ scams state that the recipient has received money or been overpaid.  There may also be a request for a small part payment. Always verify any PayPal payments by logging in and checking your account. Do not click a link within an email.
  • The Nigerian Cheque scam, one of the original email scams. The recipient is contacted out of the blue by someone with an elaborate story about their money being stuck – allegedly an inheritance that is hard to access due to government restrictions or is trapped due to war or civil unrest. The claimant offers money in exchange for the recipient’s help in transferring their money out of their country. The recipient may first be asked for small amounts, then later, larger amounts. After that the claimant uses the recipient’s details to steal their money. These scams are often known as ‘Advance Fee’ scams.

How do I spot an email scam?

  • The sender doesn’t know who you are. If the email is addressed to ‘Dear valued customer’ or a similarly imprecise recipient, BEWARE.  EVERY organisation who knows you will usually use your name at every opportunity. But note, clever scammers may still personalise fake emails.
  • Close inspection reveals spelling mistakes or bad grammar within the text of the email, even if the email may look professional at first. ASK yourself: is this consistent with previous messages you have received from this person or organisation?
  • The email appears to come from a genuine organisation although the email address is from a free email provider such as ‘@gmail.com’ or ‘@hotmail.com’. No legitimate organisation will use a public domain name for their email address.  ‘Hover’ your mouse over the sender name and check the text that appears after the ‘@’ matches the apparent sender name. You can also click ‘reply’ (BUT DO NOT SEND) and this should also show the full email address of the sender.
  • If you have doubts about their email address, do your own research by googling the organisation and double-checking details on their official website. Another WARNING CLUE is an error in the domain name, or any ‘click here’ URLs which may appear very similar to the legitimate company address but with a minor difference. Again, by hovering with your mouse you can see the link or domain name.
  • You are contacted out of the blue, or you are asked to respond to an urgent issue or crisis. The tone of the message may appear strange, or there is an overuse of language such as ‘legitimate’, ‘legal’ or ‘government approval’. In the case of CEO/BEC scams, the tone of the email may be familiar and casual, and it may state an excuse as to why the sender can’t phone you directly to discuss the matter, such as ‘being in a meeting and they’ll explain later’.
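
The checks in the list above can also be run automatically over a raw message. The following is an added example, not part of the original page: the helper names, the sample message and the placeholder domains `bank.example` and `bank-example.test` are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_PROVIDERS = {"gmail.com", "hotmail.com"}  # the two named in the text

class LinkCollector(HTMLParser):
    """Collect each link's real destination (href), which is what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_of(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    host = urlparse(url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def belongs_to(host, expected_domain):
    """True only for the organisation's own domain or one of its subdomains."""
    return host == expected_domain or host.endswith("." + expected_domain)

def check_email(raw, expected_domain):
    """Return the warning signs found in one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    findings = []
    if sender_domain in FREE_PROVIDERS:
        findings.append("free-mail sender")
    elif not belongs_to(sender_domain, expected_domain):
        findings.append("sender domain mismatch")
    if "dear valued customer" in body.lower():  # generic greeting quoted in the text
        findings.append("generic greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        if not belongs_to(host_of(href), expected_domain):
            findings.append("link goes to " + host_of(href))
    return findings

# Constructed sample; bank.example and bank-example.test are placeholder domains.
SAMPLE = '''From: "Bank Example Security" <alerts@gmail.com>
Content-Type: text/html

<p>Dear valued customer, please <a href="http://www.bank-example.test/verify">verify your identity</a>.</p>'''
```

An empty result does not prove a message is genuine, since scammers may still personalise fake emails; it only means none of these particular signs were present.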


Become knowledgeable about practices, rules and procedures, as well as formats and styles of communication – be aware, for example, of how an organisation usually communicates with you. For example, HMRC, the NHS, and banks will NEVER EMAIL to ask you for personal or financial details: a written letter is standard. Nevertheless, companies like PayPal usually communicate by email.

What should I do if I have clicked on a suspicious email?

  • REPORT it. If you can, keep evidence of the suspicious email and forward it to the fraud department of your bank, or the relevant organisation which has been targeted. You can also report email scams to Action Fraud, the NCSC or Police Scotland.
  • DO NOT forward it on to anyone else, NOR respond to the email.
  • If you are worried that your computer has been affected, change all your PASSWORDS immediately. Find out how to create a strong password here. Do a full scan of your computer using your anti-virus software. Check your bank accounts and if you think they’ve been compromised get in touch with your bank. Details on how to do this can be found here.