How to spot a scam email
Most days I get at least a couple of suspicious looking emails in my inbox – whether it’s about a parcel delivery, chasing an imaginary invoice or news that I’m on a shortlist to win £500 Lidl vouchers!
Although we’re all at risk from email scams, compers tend to receive more than most – completing just one dodgy entry form can result in your email address finding its way onto a list that’s illegally sold to spammers. Before long, your inbox is packed with phishing and spoofing emails – and you even find yourself distrustful of genuine winning emails.
What is phishing and spoofing?
- A phishing email is where the recipient is tricked into clicking a link and then logging into a website with their personal details, card details or password.
- A spoofing email is designed to look like an official company email, and usually contains a link or attachment which if clicked, downloads a virus to the recipient’s computer.
From a comper’s point of view, the problem is that many companies send brief winning emails that tend to look fake! So it’s important to learn how to distinguish between a genuine winning notification – and a scam one.
Identify a genuine winning email
A genuine winning email will usually:
- Address you by name (not by email address)
- Have a signature at the bottom of the email – usually featuring a company logo, and contact details for the sender
- Mention details of the prize/competition you’ve won
A scam winning email will usually:
- Come from an unusual email address
- Start with Hi or Hi <your email address>
- Contain a link to click
- Mention high value cash or voucher prizes (often a £500 gift card for Primark, Lidl, etc)
Here’s more details about what you should check for.
What email address is it from?
Always check the email address the message has come from – don’t rely on the sender’s display name, which could be set as ‘Google’ or ‘Argos Customer Service’ for example. Right-click or hover over the sender’s name (on a Mac or iOS device click on the small arrow) and you’ll be able to see the full email address it was sent from. Does it match the display name? If not, be suspicious. Copy the ‘domain’ part of the email address (eg. one of my spam emails has apparently come from Google, but the actual address is ‘firstname.lastname@example.org’) and paste the domain part – the part after the @ – into a new browser window to view the website that the email has come from. In this case, the website sbcglobal.net doesn’t even exist.
Lots of genuine winning emails don’t come from the brand – they will come from a PR or marketing person working at an agency, so you might understandably be suspicious if you’ve never heard of the company! Emails that are brief and include words such as ‘Congratulations’, ‘You’re a winner’, even if genuine, may be flagged as junk by many email providers. That’s why it’s so important to check your junk folder regularly for winning emails.
If you’re not sure whether a winning email is real, check the domain name in the email address to see if it’s a marketing or ‘fulfilment agency’. If the email signature includes a full name and contact details then it’s usually genuine – try a search for the sender’s name on Linked In, or Google the phone number. For example, genuine prize fulfilment emails might come from @promowinners.com, @ndlgroup.com or @prizeology.com
Is there a link to click?
If an email asks you to update your personal details or a password via clicking a link in an email, it is likely to be a scam. Trustworthy companies will ask you to go to their website, and log into your account to do this rather than emailing you a link.
Instead of clicking a link, go to your browser and navigate to the proper website link (eg. LloydsBank.com, PayPal.com, eBay.co.uk) then log in as usual to see if there’s a message there.
Occasonally a promoter will require you to go to a website to complete your address details to claim a competition prize. Hover your mouse cursor over the link in an email to see the full web address of where it leads, and decide whether it’s safe to click.
Is the branding poor, with spelling mistakes?
A lot of scam emails feature low quality logos, errors – and unusually formal wording. Incorrect use of capital letters in brand names is one to look out for, for example it’s always iPhone with a lower case i and upper case P, and PayPal is one word with two capital Ps.
Have they referred to you by name?
Most junk emails won’t refer to you by name – they may repeat your full email address in the main body copy, but generally that’s all they have access to, so your name won’t usually feature. Real winning emails will usually start with your name at the top, eg. Congratulations Di! – BUT when multiple prizes have been awarded, the promoter may well be sending out a generic email to everyone at the same time, in which case your name won’t be mentioned and it could look like junk.
Did you enter to win the prize?
If you receive an email to say your FitBit is on its way, but you don’t remember entering to win one, be wary. Try searching Google to see if you can find any trace of the competition details – you might find a post on a competition forum that jogs your memory. Don’t be too quick to dismiss a prize you didn’t enter for though – there are Swipe to Win comps and newsletter subscriber comps where you’re automatically entered to win prizes without realising!
A common scammers tactic is for the sender to include your email amongst a list of email addresses as a finalist or winner, asking you to confirm your details.
- Promoters may also ask for your bank account or PayPal details if you’ve won a cash prize. Once you’re certain the email is genuine, don’t be afraid to pass this information on – although most promoters won’t mind you asking for a cheque!
- It’s not unusual for a promoter to require identification from you to claim a prize – particularly if it’s alcoholic or a holiday. If you need to do this, upload a photo of your passport with the passport number covered.
- If you see an email and believe it’s junk, tell your mail software so by flagging it as ‘junk’ and it will teach your spam filter to be more accurate in future. If you find a winning email from a genuine company in your junk folder, make sure you mark it as ‘not junk’ too! On a Mac, a thumbs up/thumbs down will flag as junk/not junk.
- If you suspect an email might be a scam, don’t click any links or download any attachments in it as doing so could download a virus onto your computer. If you use a PC, make sure your antivirus software is always up to date.
- If there’s an ‘unsubscribe’ link in a scam email, don’t click it – that confirms that a real person exists at your email address, and you’ll receive even more dodgy emails!
- Check the small print before entering a competition or prize draw – avoid any that pass your details onto unspecified third parties (check my list of competition websites for more on this)
See also my post on How to spot a scam Facebook promotion.
You can find out more information about scams at the National Trading Standards website www.friendsagainstscams.org.uk