Email mistakes that leave us at risk of scams

Your email is a prime target for scammers. Here are six common errors that most of us have made at some point that could leave us vulnerable.

Love Money
Last updated: 22 June 2018 - 12.36pm

Email has gone from being something so new that we had to remind people not to print them out unnecessarily, to being simply part of the digital infrastructure.

Yet, as with so many things, because we use it so often we take it for granted. And taking it for granted can be dangerous.

If someone hacks your email, they can potentially gain access to many of your online accounts.

They could request password resets and so gain access to your accounts, shop in your name, or email your friends and family to try to trick them into handing over cash.

On top of that, there are all the risks that come with receiving emails from fraudsters, whether they are simply begging letters for cash, phishing attempts designed to look like your bank or links from hacked friends.

So – email is essential, but risky.

Here are some of the silliest mistakes we make.

Responding to suspicious emails

You might know you’d never fall for an email claiming to be from a Nigerian princess. You might feel sure that you’d smell a rat if you were told you’d won an international lottery.

But somewhere out there it’s likely there’s an email that you could fall for. Perhaps you’ll find it slightly suspicious but enticing.

Perhaps it will come from a friend’s address but use very generic messaging. Perhaps it will be so obviously fake that you decide to reply to mock the sender.

It’s always worth taking a few moments to consider whether you really want to engage with an email. Putting the text into a search engine can highlight if it’s a hacking attempt that’s already known about.

Just taking some time to really consider whether it’s suspicious can be the difference between falling for a scam and staying safe.

Clicking on links

You might know the sender, you might recognise the brand, it might even appear to be your bank or another trusted sender.

It might appear to contain a valuable offer such as a supermarket discount voucher that you have to claim immediately to qualify for.

Always, always hesitate before clicking on an emailed link. It will take just a few moments to use a search engine to check a link or find a correct one (don’t respond to adverts in search results, just to the definitely legitimate listings).

Not checking addresses

Scammers can send incredibly realistic emails. They can look just like they come from your bank or other online service, with all the same branding.

That’s why it’s so important to check email addresses rather than assume they’re genuine or quickly scan them. Often fraudsters will have realistic email addresses with, for example, one letter wrong.

A few moments spent checking an address carefully could be all it takes to keep your accounts and data safe.
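
An added example, not part of the original article: a short Python check that reads the real address from a From line (ignoring the display name) and flags a domain that is one character away from one you trust. The trusted domains and sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed placeholders: domains the reader genuinely deals with.
TRUSTED_DOMAINS = {"examplebank.com", "exampleshop.co.uk"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the real address, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, start=1):
        current = [i]
        for j, char_b in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,                       # delete char_a
                current[j - 1] + 1,                    # insert char_b
                previous[j - 1] + (char_a != char_b),  # substitute
            ))
        previous = current
    return previous[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a From header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    if domain in trusted:
        return "trusted"
    for known in sorted(trusted):
        if edit_distance(domain, known) <= max_distance:
            return f"lookalike of {known}"
    return "unknown"


# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Example Bank <alerts@examplebank.com>",      # spelled correctly
    "Example Bank <alerts@examp1ebank.com>",      # 'l' replaced by '1'
    "Example Bank <alerts@examplebnk.com>",       # one letter missing
    "Example Bank <alerts@mail-secure.example>",  # right name, unrelated domain
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:50} -> {classify_sender(header)}")
```

A "trusted" result only means the address is spelled correctly; the From line itself can be forged, so the other checks in this article still apply.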

Making payments without checking

It’s wrong to call this a stupid mistake, because it can actually be quite difficult to spot.

Particularly cunning and horrible fraudsters have been known to hack or compromise business email addresses and identify when a payment is to be made – such as for a holiday, for building work, or even a large payment to a solicitor when buying a house.

They can then email their victim at the point of payment with their own bank details, meaning the payment is made into a criminal’s account. Often there is little that anyone can do and the victim is left hugely out of pocket.

Avoiding this kind of fraud can be difficult. The best thing to do is test the account details by making a small payment, for example 11p, and then ring a number that you know is genuine, such as one from an official letter.

You can ask the recipient to confirm how much you have paid them and then know you’re connecting to the right account.

It’s worth the small extra effort when you consider the massive risk of losing a lump sum.

Failing to delete sensitive emails

If an email does contain sensitive data, such as financial details, then there is no need to leave it sitting in your account ready for anyone who succeeds in hacking you in the future.

When you receive an email that contains sensitive information, or details that could be used to trick you into providing fraudsters with sensitive information, it’s important to delete it.

Good email hygiene protects your future self from fraud.

Not spotting red flags

You can’t rely on phishing and fraudulent emails to be stuffed with typos that make them easy to spot. However, there are some things that should make you immediately question what you’ve been sent.

They include:

  • Requests for confidential information
  • Non-specific greetings like ‘dear customer’ or ‘beloved’
  • Poor spelling and grammar
  • Prominent link to a website
  • An unprofessional sense of urgency such as ‘act NOW to get your voucher’
  • Simply an unexpected email from an organisation you do not deal with
  • The entire text of the email is contained within an image rather than text. The image is often an embedded link to a fake website
