How do I protect myself from email scams?

What kinds of email scams are there?

Different email scams aim to achieve different things. Phishing scams aim to trick you into giving away your personal information. Blackmail scams aim to scare you into paying some sort of ransom. There are all sorts of variants such as catfishing, impersonation scams. These scams all intend to trick you in some way into giving up information or money.

How can I tell if an email is a scam?

This is a simple question with a long and complicated answer. I deal with this question in the general Web Safety Guru course but I also run an Email Safety Masterclass. This masterclass looks in depth at the ways of telling whether an email is fake but also gives plenty of examples and interactive exercise where you can spot the tell-tale signs yourself. As learning is best achieved with practice as well as teaching, I can thoroughly recommend this course.

What happens if I click on a link in a scam email?

I would not recommend doing this even though sometimes there will be not bad outcome. Sometimes the link will take you to the genuine site. Sometimes the link will take you to a fake site and it is not until you enter your username and password does the damage start. But other links could direct you to malicious pages where you could inadvertently download malware. You should be especially cautious where the destination link has been compressed, for example through bitly. There is really no way of telling where this link will direct you so please don't take the risk.

What happens if I open an attachment in a scam email?

This rather depends on what type of attachment you are opening. Look at the extension, for example .exe or .jpeg . A couple of really bad outcomes are if you open a script of a compressed file. This is because anti-virus software cannot detect the malware in a compressed file. It is a Trojan Horse which can bypass your defences. It is best to assume that all attachments in a scam email are dangerous. On the Web Safety Guru course I will show you how to change your file settings recognise the different types of files.

How do scammers make a scam email?

You may wonder how an email that appears to be from your bank actually isn't. It is surprisingly easy to replicate many of the elements of a scam email. On most websites you are able to view the source code with the right click of a mouse (this applies to static code, NOT any content generated dynamically from a database). Likewise you can right click on an image and get options to download it. With access to Notepad you would be able to construct your own webpages. You wouldn't have access to the styling though and this is why the layout and fonts of a scam email sometimes look a bit off. The scammer would have to try their best to replicate the styling of the site they were copying.

Bear in mind you might not be the victim of a targeted scam, they may be sending the same email to thousands of people. The scammers will often use a stolen mailing list and mass email everybody on it. It only takes a couple of victims falling for it to make the scam worthwhile.

Should I reply to a scam email?

In a word, no. The best default strategy is to ignore the email and give no indication you have read it, even if the email tells you the sender can tell whether you have opened it. While technology exists for this statement to be true, it is more likely a bluff. Depending on the nature of the scammer, replying could be dangerous and could open up a whole new can of worms. There are examples on the internet of people who have replied to scam emails with hilarious results. However this is an advanced level move and as a rule of thumb I would recommend that the best response you can give to a scam email is no response at all is .

What could go wrong if I am scammed

This rather depends on the type of scam you fall for. You could install malware on your device. You could give away your passwords and your personal information. You could lose money. You could suffer performance problems or reputational damage. You could lose information that could take time or money to replace. You could lose confidence using the internet for any of these. You could also be more vulnerable to follow-up scams. If you were a scammer wouldn't you try to rescam people you had successfull scammed before?