Tips for avoiding email scams


Close lesson
You have completed 0%

Tips for avoiding email scams

A red stop sign containing an exclamation mark

What's coming up?

In this activity, you will learn how to avoid the kind of email scams described in the How common email scams work activity.

Start activity

Any email can potentially be a scam

Because it costs scammers nothing to send an email, they can try lots of different ways to disguise scam emails as real. If you keep this in mind, you can stay alert to the possibility of receiving a scam email.

An illustration of three emails
An illustration of an email being put into a bin

The golden rule of email

The safest way to assess an email is that if you are suspicious of something in the email, or it just feels a bit off or strange, just delete it.

If you are sure the email is a scam, you can use your email service's Report Spam function to classify it as unwanted mail.

An icon of a padlock

eSafety tip

When an email is put in the Spam or Junk Mail folder, all links in the email are automatically blocked and can't be clicked on.

If you delete an email and send it to the Bin, Trash, or Deleted Items folder, the links in that email still work. Be careful not to accidentally click any links in deleted emails if you need to check them for any reason.

What to do about spoofed emails

A spoofed email is one that looks like it has come from somebody you know, but is actually from a different email address altogether.

If you receive an email you suspect is spoofed, don't respond to it. Instead, check with the person whose account seems to have sent the email and ask if they really sent it.

An email scammer pretending to be someone else
An icon of a padlock

eSafety tip

It's important not to click Reply on an email that you suspect is spoofed. Instead of going back to the person you think, it will go to the scammer. For instance, you might see John Kansas in the From field, but instead of going back to (the real address), scammers have set things up so your response will go to them.

A red stop sign with an exclamation mark

Scam emails from known addresses

Some scams are able to take over a person's email address temporarily and use it to send scam emails. This means the email really has come from someone you know, but without their knowledge.

These sorts of emails are usually easy to spot, as the message won't sound like the person you know or might even just be advertising. You should let that person know their email has been compromised, and you should both change your email address passwords right away.

An icon of a padlock

eSafety tip

It's not really possible to prevent scammers from using your name to send spoofed emails, but the good news is that this doesn't affect the security of your email account. The scammers can't read the mail that you send or receive.

However, if someone lets you know they received a fake email under your name, it's still a good idea to change your email password right away.

Be wary of emails from strangers

Email is best used to communicate with people you already know, or with official organisations and trusted companies such as online stores you use.

Scammers will sometimes send emails trying to make friends with people. If you've only ever known someone via their email address, it's difficult to tell exactly how truthful they are being about themselves. If you receive an email from a stranger asking to be your friend, you should treat it with suspicion as it may be a confidence scam.

An illustration of an email being sent by someone to three people
An icon of a padlock

eSafety tip

Never accept an invitation from a stranger to start using a messaging app such as Telegram, Discord, WhatsApp, or similar. This person is probably trying to cover their tracks by using an app that doesn't keep a record of conversations. This is a sure sign of a scam.

An illustration of a padlock and password in rotating arrows

Change your email password regularly

It can be a good idea to change your email password once or twice a year, just to be safe. Your email service may also inform you of data breaches on other sites where you might have used your email to sign in or purchase something.

You can learn more about passwords in our Managing passwords course.

Data breaches and email passwords

If your email address is exposed in a data breach on another site, don't panic. All this means is that hackers have accessed the list of email addresses known by that site.

However, if you used the same password on that site as you use to sign in to your email, the hacker may get access to this. It's a good idea to change your email password if your service advises there's a chance that it could be compromised.

An illustration of four padlocks and passwords, one padlock opened with an exclamation mark
An icon of a padlock

eSafety tip

You should never use the same password for two different accounts, because if one is compromised, the hacker may be able to sign in to your other account too.

A green shield with a tick

Email services offer security check ups

If you use Gmail, Outlook, or Yahoo Mail, then your email service is also an online account that has many other features. One of these is a security check up, which can tell you:

  • how many different passwords are saved in your browser's password manager
  • if you've used the same password for two or more accounts
  • if any of your passwords have been exposed in a data breach on a site other than your email web service
  • tips and help with choosing the strongest possible passwords.

Well done!

This is the end of the Tips for avoiding email scams activity. You've learned some tell-tale signs of common email scams and to avoid responding to suspicious emails. If you want to find out more about spotting scams in general, see our Identifying and avoiding scams course.

If you're a registered user, you can now complete a short quiz to test your learning. If you're not registered, this is now the end of the How to avoid common email scams course.

An illustration of an email being put into a bin