email safety and what to look out for...

We all receive the occasional email from someone we have never heard of, sometimes offering prizes or incredible deals. Stop! Don't click on that link. If something seems to good to be true - it probably is.

It never fails to amaze me the number of people who should know better that get caught this way. You may even receive an email from someone you do know that you were not expecting them to send with an attachment or a link to a website. They didn't send it and it's easy enough to check - just send them an email (not a reply to the one you received) and ask them - easy eh? You'd be surprised how many people just open the attachment or click on the link.

The purported sender may well have had their email account spoofed or hacked. I have recently had a call about a web page that came up on someone's computer that purported to be from an "associated website" to one that this person had used for quite a while and offered him to enter a competetion for an iPad and other goodies. It even had the correct header and footer. When he showed me, I saw immediately that it was the same targetted scam that has been floating around on unsolicited emails for a few months - it had just got a bit cleverer.

Enough scare stories - let's help you avoid getting caught out. There are a few things to look out for and some basic rules to follow and I have listed the main ones with a description of what they are and relevant avoidance techniques for each, but this is by no way an exhaustive list of the potential pitfalls..

Types of unwanted emails...


Spam (also known as Junk Mail) makes up the majority of all email traffic all over the world. This can be advertising for online Pharmacies, dating, pornography and, increasingly, online gambling. It can also be for non-existant Charity appeals, "good luck" chain mails (where you are asked to forward the mail to as many of your freinds as you can), work from home offers (often with ridiculously high returns), and more worryingly for the non-expert, hoax virus warnings offering to fix your PC if you follow their link (never believe this one).

Spammers get your email address by various means: Getting you to enter your details on fraudulent websites (mentioned on the Securing your Connection page), buying lists of email addresses from other spammers, using special software to automatically generate email addesses and sending to them all until they either don't get bounced back or are replied to (if you reply to a spam email it confirms that it's a real address), hacking into other website's user databases or even getting you to click through to a spam email cancellation website (usually a "Click here to Unsubscribe" link at the bottom of the email). Once they have your email address you will have to manually add them to a blocked senders list if you don't have your spam filter switched on.

Spam filters are getting better, but some junk still makes it through even the best of them. Instead of resigning yourself to hitting delete for all those hot-stock and Viagra come-ons, try disposable email addresses. These are addresses you create every time you encounter an online shopping site, forum, or other service that requires you to enter an email address. If that address gets flooded with spam, you can terminate it. That's a better system than the alternative, creating a free web mail account that you use only for purchases and web signups. With a single separate account, you have to throw the baby out with the bathwater and cancel the whole account if it gets too much spam, thus losing your wanted emails as well as the unwanted ones.

If this sounds like you then I suggest a good, free service from Spamgourmet that's quick and easy to set up and use. It allows you to create disposable addresses on-the-fly that will forward email messages to your normal address.

Spam emails may feature some of the following warning signs:

  • You don’t know the sender.
  • Contains misspellings (for example ‘p0rn’ with a zero) designed to fool spam filters.
  • Makes an offer that seems too good to be true.
  • The subject line and contents do not match.
  • Contains an urgent offer end date (for example “Buy now and get 75% off”).
  • Contains a request to forward an email to multiple people, and may offer money for doing so.
  • Contains a virus warning.
  • Contains attachments, which could include .exe (executable) files.

Problems associated with spam:

  • It can contain viruses and spyware.
  • It can be a vehicle for online fraud, such as phishing (see below)
  • Unwanted email can contain offensive images.
  • Manual filtering and deleting is very time-consuming.

What you can do

  • Be vigilant when opening or responding to emails.
  • Make sure your spam filter is always switched on to minimise the risks.


Scams are generally delivered in the form of a spam email (but not all spam emails contain scams - some are just email flooding).

Scams are designed to trick you into disclosing information that will lead to defrauding you or even stealing your identity to obtain loans or other financial benefits in your name..



Examples of email scams include:

Emails offering financial, physical or emotional benefits, which are in reality linked to a wide variety of frauds.- these include emails posing as being from ‘trusted’ sources such as your bank, the Inland Revenue or anywhere else that you have an online account. They ask you to click on a link and then disclose personal information.

No, you probably haven’t won the lottery. No, you can’t make that much working from home. That deal really might be too good to be true (and probably is).

The web can be a great place, but not everyone online has good intentions. Here are some ways to avoid scammers and stay safe on the web:

Free stuff - not likely: An email is probably a fake if it congratulates you for being a website’s millionth visitor, offers a tablet, smartphone or other prize in exchange for completing a survey or even offers quick and easy ways to make money or get a job - the classic "Get rich quick working from your home in just two hours a day" is doing the rounds all the time in one form or another - as mentioned at the top of this page.

If the email tells you that you’re a winner and asks you to fill out a form with your personal information, don’t be tempted to start filling it out. Even if you don’t hit the “Submit” button, you might still be sending your information to scammers when you start putting your data into their forms.

If you see a message from someone you know that doesn't sound like them, their account may have been compromised by a cyber crook who is trying to get money or information from you - so be careful how you respond. Common tactics include asking you to send them money, claiming to be stranded somewhere or saying that their phone has been stolen so they cannot be called.

Or the message may tell you to click on a link to see a picture, article or video, which actually leads you to a site that might steal your information - so think before you click through!

Check and check again! When shopping online, research the seller and be wary of suspiciously low prices. Think like you would if you were buying something at a local shop or market stall. Look closely at online deals that seem too good to be true. No one wants to get tricked into buying fake goods. People who promise normally non-discounted expensive products or services for free or at 90% off usually don't have your interests at heart.

If you use Gmail or other webmail applications, you may see a warning across the top of your screen if you’re looking at an email that their systems say might be a scam - if you see this warning, think twice before responding to that email. Or just don't do it If you have a bad feeling about an advertisement or an offer - trust your instincts.

Only click on adverts or buy products from sites that are safe, reviewed and trusted. Many online shopping platforms have trusted merchants/sellers programmes. These sellers typically have a visible stamp of approval on their profiles. Make sure that the stamp or certificate is legitimate by reviewing the shopping platforms’ guidelines.

If the platform doesn't offer a similar programme, take a look at the number of reviews and the quality of reviews on the seller. Ebay, for example, shows you how long a seller has been in business and some of their previous items - as does Gumtree. 5 minutes of your time being sure can save you hours/days/weeks of grief.


Phishing is a type of online fraud where someone tries to trick the victim into sharing sensitive information like passwords or credit card information. Phishing is typically done through email, ads or other communication like instant messaging. Cyber crooks typically send these emails to thousands of people. The emails pretend to come from banks, credit card companies, online shops and auction sites as well as other trusted organisations. They usually try to trick you into going to the site, for example to update your password to avoid your account being suspended. The embedded link in the email itself goes to a website that looks exactly like the real thing but is actually a fake designed to trick victims into entering personal information. 

The most dangerous crooks use clever marketing to get you to do their dirty work for them and infect your computer. Lots of social engineering attacks are crude, with misspelled words and clumsy grammar, but that doesn't mean you should dismiss the danger. Every now and then, a well-crafted attack can slip past your defences and lure you into opening a poisonous email attachment or downloaded file. A targeted attack might even use your correct name and business title.

Phishing emails may feature some of the following warning signs:

The email itself can also look as if it comes from a genuine source. Fake emails often (but not always) display some of the following characteristics:
  • The sender’s email address is different from the trusted organisation’s website address.
  • The email is sent from a completely different address or a free webmail address.
  • The email does not use your proper name, but uses a non-specific greeting such as “Dear customer.”
  • A sense of urgency; for example the threat that unless you act immediately your account may be closed.
  • A prominent website link. These can be forged or seem very similar to the proper address, but even a single character difference means a different website.
  • A request for personal information such as username, password or bank details.
  • You weren't expecting to get an email from the organisation that appears to have sent it.
  • The entire text of the email is contained within an image rather than the usual text format. The image contains an embedded ink to a fake website.

Basic steps to not getting caught out

  • Do not open emails which you suspect as being spam.
  • Do not forward emails which you suspect as being spam.
  • Do not open attachments from unknown sources.
  • Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
  • Do not respond to emails from unknown sources.
  • Do not make purchases or charity donations in response to spam email. 
  • Don’t click on ‘remove’ or reply to unwanted email.
  • Check junk mail folders regularly in case a legitimate email gets through by mistake.
  • When sending emails to multiple recipients, list their addresses in the 'BCC' (blind copy) box instead of in the 'To' box. In this way, no recipient will see the names of the others, and if their addresses fall into the wrong hands there will be less chance of you or anybody else receiving phishing or spam emails.
  • If you are suspicious of an email, you can check if it is on a list of known spam and scam emails that some internet security vendors such as McAfee and Symantec feature on their websites.
  • Most email clients come with spam filtering as standard. Ensure yours is switched on. 
  • Most spam and junk filters can be set to allow email to be received from trusted sources, and block those from untrusted sources. 
  • When choosing a webmail account such as Gmail, Hotmail and Yahoo! Mail, make sure you select one that includes spam filtering and that it remains switched on.
  • Most internet security packages also include spam blocking. Ensure that yours is up to date and has this feature switched on. 

On that note - email is still the best and fastet way to stay in touch and do business so follow the guidlines listed here, stay vigilant and happy emailing.