How to Spot a Scam Email
By Joe
Scam emails are the most common form of online fraud in the UK, and they are getting harder to spot. They no longer look like badly written messages from a Nigerian prince. Modern phishing emails copy the logos, fonts, and tone of banks, HMRC, Royal Mail, Amazon, and NHS services almost perfectly.
But they still share patterns. Once you know what to look for, most scam emails become obvious.
The Six Tell-Tale Signs
1. You weren’t expecting it
The most reliable signal is the most overlooked one. Ask yourself: was I expecting this email? Did I request a delivery, apply for a refund, or trigger a security alert?
A genuine bank doesn’t email you out of nowhere to say your account is compromised. HMRC doesn’t contact people by email about tax refunds (they use post). Royal Mail doesn’t charge redelivery fees by email. If the contact is unexpected, treat it with suspicion.
2. It creates urgency
“Your account will be suspended in 24 hours.” “Claim your refund before it expires.” “Immediate action required.”
Urgency is a scammer’s most reliable tool. It short-circuits careful thinking. Legitimate organisations don’t do this. If there’s a genuine problem with your account, you’ll have time to deal with it. If an email is pressuring you to act right now, slow down.
3. It asks for something sensitive
Genuine organisations will never ask for:
- Your password
- Your full bank details
- One-time codes sent to your phone
- Remote access to your computer
No exceptions. If an email asks for any of these things, it’s a scam, no matter how official it looks.
4. The link doesn’t match
Hover your mouse over any link in the email (don’t click, just hover) and look at the address that appears in the bottom left of your screen. It should match the organisation’s real website.
amazon-delivery-uk.net is not Amazon. hmrc-refund.co is not HMRC. natwest-secure-login.com is not NatWest.
The real domain is the part just before .co.uk or .com, and that is what matters. Anything after the first single slash that follows it is irrelevant to whether the site is genuine.
On a phone, press and hold the link to see the address before deciding whether to open it.
5. The sender’s email address looks wrong
Click on the sender’s name to reveal the full email address. A scam email might show “Amazon Customer Services” as the sender name, but the actual address is something like noreply@amazon-support-update.net.
Legitimate organisations send from their own domains. Amazon sends from @amazon.co.uk. HMRC sends from @hmrc.gov.uk. If the domain doesn’t match the organisation, it’s not genuine.
One caveat: email addresses can be spoofed, faked to look like the real thing. A genuine-looking sender address is not proof an email is legitimate. The other signs still apply.
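The checks in signs 4 and 5, written out in Python as an added example that is not part of the original article. The TRUSTED table and the function names are assumptions for illustration, and the sample links and sender lines are constructed from the lookalike names quoted above.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains each organisation really uses. These two are the
# ones the article names; extend the table for the organisations you deal with.
TRUSTED = {"Amazon": {"amazon.co.uk"}, "HMRC": {"hmrc.gov.uk"}}


def belongs_to(host, org):
    """True only if host is a trusted domain or a subdomain of one."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED[org])


def check_link(url, org):
    """Judge a link by its hostname only; the path after the slash is ignored."""
    return belongs_to(urlsplit(url).hostname or "", org)


def check_sender(from_header, org):
    """Judge a From line by the address domain, never by the display name.

    A True result is not proof of legitimacy: the address can be spoofed.
    """
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    return bool(domain) and belongs_to(domain, org)


if __name__ == "__main__":
    # Constructed samples built from the lookalike names quoted in the article.
    links = [
        ("Amazon", "https://www.amazon.co.uk/gp/help"),
        ("Amazon", "https://amazon-delivery-uk.net/track"),
        ("Amazon", "https://amazon.co.uk.amazon-delivery-uk.net/login"),
        ("HMRC", "https://hmrc-refund.co/hmrc.gov.uk/refund"),
    ]
    for org, url in links:
        print("matches" if check_link(url, org) else "SUSPECT", org, url)

    senders = [
        ("Amazon", '"Amazon Customer Services" <noreply@amazon-support-update.net>'),
        ("Amazon", "Amazon <noreply@amazon.co.uk>"),
    ]
    for org, header in senders:
        print("matches" if check_sender(header, org) else "SUSPECT", org, header)
```

Only the first link and the last sender line match; a real name placed in front of a different domain, or after the slash, does not change which site the link leads to.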
6. Something just feels off
Trust your instincts. If an email makes you uneasy, even if you can’t identify exactly why, don’t click anything. Close it, go directly to the organisation’s real website by typing the address yourself, and check your account there instead.
What to Do If You’re Not Sure
Don’t click the link. Instead:
- Go directly to the organisation’s website by typing the address into your browser yourself, not from any link in the email
- Log in and check whether there’s actually a problem with your account
- Call the organisation using a number from their official website, not a number in the email
This approach costs you five extra minutes. The alternative, if it was a scam, could cost considerably more.
What to Do If You’ve Already Clicked
Don’t panic. Clicking a link doesn’t automatically mean you’ve been hacked. The risk is in what you did next.
If you entered a password: Change it immediately on the real website. If you use that password anywhere else, change it there too. This is why unique passwords matter.
If you entered banking details: Call your bank immediately on the number on the back of your card. Do not wait. Many banks can reverse fraudulent transactions if you act quickly.
If you gave someone remote access to your computer: Turn the computer off now. Do not switch it back on until you’ve spoken to someone you trust about it. Remote access software can remain active after a call ends.
If you only clicked and looked: You’re probably fine. Close any browser windows that opened, and consider running an antivirus scan if you want reassurance.
How to Report It
Reporting scam emails helps protect others, even if you’ve suffered no harm yourself.
- Forward the email to report@phishing.gov.uk. This is the official UK government reporting address, run by the NCSC (National Cyber Security Centre). It’s free, takes ten seconds, and contributes to national intelligence on active scams.
- Report to Action Fraud at actionfraud.police.uk if you have lost money or personal data.
- Forward suspicious texts to 7726 (it spells SPAM on a keypad). This reports the number to your mobile network.
You can also mark emails as spam or phishing in most email apps, which helps train filters.
The One Rule That Has No Exceptions
No legitimate organisation, not your bank, not HMRC, not Amazon, not the NHS, will ever ask for your password. Not over email, not on the phone, not in a live chat.
If anyone asks for it, it is a scam.
If you’ve received something suspicious and aren’t sure what to do, or if you’d like to go through these signs together in more detail, we offer one-to-one digital safety sessions across Hebden Bridge and the Calder Valley. Bring the email with you; we’re happy to look at it together.