Which? scam alerts
Sign up for a Which? Scam alert to get what you need to know about the latest scams, whether it’s a new phishing email or a phoney HMRC call.
With more than 60 years experience fighting scams and protecting consumers this free service from Which? is available for everyone.
What's a sextortion scam?
Hackers send emails saying they have compromising images of you from your webcam or information on you visiting adult websites. They threaten to release this to your friends and family unless you pay them Bitcoin.
If you've been sent a sextortion scam email, read Which? Computing's guide on how to respond
Email scam awareness
Email scams, also called phishing scams, are becoming increasingly common as fraudsters come up with new tricks to try and steal your personal information and bank details.
In some cases the emails have malicious software attached which can infect your computer, tablet or mobile with a virus.
— Action Fraud (@actionfrauduk) 18 May 2017
Use our top 10 tips of technical and general advice to safeguard yourself.
What is a phishing scam?
Phishing when a cyber criminal contacts you out of the blue and convinces you to hand over your personal information or money or gets you to download a virus that infects your computer.
Phishing is a play on the word 'fishing' and usually happens over email, but can also happen through texts, social media or phone calls
1 Check the 'from' address
It’s always worth checking the address the email comes from for spoofing. Scammers often change its name to make it look more like it is from the company or organisation they are pretending to contact you from.
A scam email usually has a fairly bizarre email address behind what looks like a genuine sender name.
To find out if there’s a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it.
2 Is the greeting impersonal?
Increasingly you will notice that scammers are getting better at sending emails which include our name in the first line of the message. However, not all of them do.
Sometimes scam emails will just say “Hi” and not include your name, other times your email address will be used after “Hi”. This impersonal approach to contacting you is another sign that it’s likely to be a scammer behind the email.
3 Check contact information and dates
Does the 'contact us' information at the bottom of the email link to anything? Is it clickable? Are the websites it links to genuine? If the answer is no, you should be on your guard. To see where a weblink links to without actually clicking on it, simply hover your mouse cursor over the link. In the bottom left-hand corner of your web browser, the web address where the link goes to will appear.
Are the copyright dates (or any others) up to date? Often scammers will forget this detail. We came across an email scam in March 2017, which said the closing date of the competition being advertised in the email was December 31st 2016. If you see this level of inconsistency, it’s probably a scam.
4 Check branding
Scam emails are often pretending to be from big brands, companies, supermarkets, retailers and deal sites or from trusted government departments.
Checking branding and keeping an eye on the quality of branded logos, etc, in the email can strongly indicate if the email is a scam.
Is the branding on the email the same as it is on the company or government website? Does it match the last genuine email you received from them? If the answer is no, be suspicious.
5 Check if the linked website is legitimate
If you have clicked through to a website or landing page from an email thinking it is genuine, make sure you also double-check the authenticity of the website.
If it’s a big brand or company, simply open a new tab and do a quick search for them. Click on their website and then compare the URL addresses.
Are they the same, similar or totally different? This should give you a good indication as to whether the landing page is a fake or genuine.
If you haven't yet clicked a link but are being asked to do so you can access an important message on your account, avoid the temptation to act quickly and log in via the email link. Instead, open your browser and log in to your account via the official website. Check if the message is really there. If it isn't, you know the email you received is likely to be from a scammer.
Ignore links and attachments
Computer viruses can find their way onto your computer by scammers tricking you into installing them. For example, ransomware threatens to take action on your computer - such as deleting files - unless you pay a ransom.
If you suspect an email might be from a scammer, do not click on any links or download any attachments featured in the scam email as these may download a computer virus onto your computer.
Make sure you stay security-savvy and ensure your antivirus software is always up to date, as this will provide an extra layer of protection if you have unknowingly downloaded a computer virus after clicking a link or downloading an attachment.
6 Asking for personal or bank details?
If an email is asking you to update or re-enter your personal or bank details out of the blue, it is likely going to be a scam.
Personal information includes things like your National Insurance number, your credit card number, Pin number, or credit card security code, your mother's maiden name or any other security answers you may have entered.
Most companies will never ask for personal information to be supplied via email.
7 Poor spelling, grammar and presentation?
Increasingly scammers are getting better at presenting phishing emails that are more or less free of poor spelling and grammar. But, you should still watch out for these tell-tale signs.
More common is to see a real lack of consistency with the presentation of the email, which may include several different font styles, font sizes and a mismatch of logos.
8 Trying hard to be 'official'?
Scammers often try hard to make the email sound official. They will do this in a number of ways, including using the word ‘official’.
You are unlikely to see the messaging in a truly official email shouting about how official it is.
Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.
9 Trying to rush you?
Fraudsters will try to pressure you with time-sensitive offers, encouraging you to act now or miss out on ‘exclusive’ deals.
Take your time to make all the checks you need. If the message is alerting you to look at something linked to an account you have with the company, organisation or retailer, you should log in separately to your account in a new tab or window
It’s better to miss out on a genuine deal than risk compromising your personal details or money.
10 Check with real company, brand or department
If you’re still unsure whether a scammer is behind the email you received, get in touch with the brand or company featured in your email directly via social media or their 'contact us' page.
Remember also to check the brand or company help and customer services pages. Often big companies are aware of scams circulating and have published advice for customers on what to watch out for.