Comms & Technology

What are email scams and how to recognise one?

22nd January 2018, April 4th, 2019

Tony Edwards

Cost Area Lead for ICT

We have all had an email arrive in our inbox that promises something too good to be true. Some claims are so convincing that people have given their details or money away freely. Some of these scams have been around for years, but they have become more complex, and cyber criminals and hackers have grown increasingly sneaky.

The more common types of email scam are:


Spam: Applied to email, the word means ‘Unsolicited Bulk Email’. ‘Unsolicited’ means the recipient has not granted permission for the message to be sent; ‘bulk’ means the message is sent as part of a larger collection of messages, all having substantially identical content.

Phishing: The act of sending an email to a user, falsely claiming to be an established legitimate enterprise. The aim is to scam the user into surrendering private information that will be used for identity theft. Phishing emails typically direct the user to a website where they are asked to update personal information, such as a password, credit card, or bank account numbers, that the legitimate organisation already has. The website, however, is bogus and will capture any information the user enters on the page.

Spoofing: The creation of email messages with a forged sender address. Because core email protocols have no mechanism for authentication, it is common for spam and phishing emails to use spoofing to mislead the recipient about the origin of the message.

Advance-fee fraud: The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment. If a victim makes the payment, the fraudster either invents a series of further fees for the victim, or simply disappears.

While the risks from opening these types of email can be high, and emails have become more believable, there are still some tell-tale signs that the email is spam or a scam:

  • You don’t recognise the sender’s name or email address.
  • The sender’s email address may be different to what you would expect (e.g. not from the organisation’s domain address, or from a completely different address such as a free webmail address).
  • The email contains unexpected attachments, which could contain executable files.
  • There is a prominent link to a website in the main body of the email. These can be easily forged or seem very similar to the address that you would expect to see, but a single character difference can take you to a completely different site.
  • The email contains a request for personal information such as usernames, passwords or bank details.
  • The email contains incorrect branding, such as an old logo or the wrong fonts or colours.
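
Several of these signs can be checked automatically by a mail filter or during triage of a reported message. The Python example below is added here and is not part of the original article; it checks a raw message for an unexpected sender domain, an executable attachment, a link whose host is one or two characters away from the expected domain, and a request for personal information. The `expected_domain` parameter, the webmail and extension lists, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed sample lists; tune them for your own organisation.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat")
ASKS_FOR = re.compile(r"\b(usernames?|passwords?|bank details)\b", re.I)
LINK_HOST = re.compile(r'href="https?://([^/"]+)', re.I)

def edit_distance(a, b):  # Levenshtein distance, spots near-miss domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def warning_signs(raw, expected_domain):
    """Return the tell-tale signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if domain != expected_domain:
        kind = "free webmail" if domain in FREE_WEBMAIL else "unexpected"
        signs.append(f"sender domain {domain} is {kind}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            signs.append(f"executable attachment {name}")
        elif part.get_content_maintype() == "text":
            body = part.get_content()
            for host in LINK_HOST.findall(body):
                bare = host.lower().removeprefix("www.")
                if 0 < edit_distance(bare, expected_domain) <= 2:
                    signs.append(f"lookalike link host {host.lower()}")
            if ASKS_FOR.search(body):
                signs.append("asks for personal information")
    return signs

def constructed_sample():
    """Constructed test message; every address and domain is made up."""
    m = EmailMessage()
    m["From"] = '"Example Ltd Accounts" <accounts-team@gmail.com>'
    m.set_content('<a href="https://www.examp1e.com/login">Your password</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    return m.as_string()
```

Calling `warning_signs(constructed_sample(), "example.com")` reports all four signs. A clean result does not prove a message is genuine, because the visible sender address can itself be forged.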

Please watch out for my next blog article on how to stay safe if you do spot a suspicious email.