How to avoid email fraud

Protect yourself from email fraud

Email fraud has become an everyday risk in our online lives, but remains a lucrative crime despite growing awareness. Fraudsters are becoming ever-more sophisticated in their methods, which means it’s important to stay aware of potential threats and how to avoid them.

What is email fraud?

Email fraudsters hope to trick you into offering up your personal data. They do this with messages designed to look as if they were sent by legitimate online services, such as your bank, social media account or an online retailer.

Fake emails will sometimes appear to have been sent by someone you know. These will invariably contain links to sites where you will be invited to enter vital information such as your usernames, passwords and banking details. Such tricks are sometimes known as “spoofing” or "phishing", and make up the bulk of fraudulent messages.

Given how widespread email fraud is, you might think such schemes would become less effective, but it appears that they do still work. According to Action Fraud, 23% of people that receive phishing emails will open them. Scammers work continuously to make their attempts at fraud ever-more convincing. For example, Which? recently reported on a skilfully executed Paypal scam which circulated in early 2017.

Why do fraudsters try to steal your personal data?

Fraudsters can use your personal data for identity theft or identity fraud, perhaps eventually taking money from your bank account or taking out credit in your name. Consequently, email fraud is still big business. According to research from anti-fraud group Financial Fraud Action UK (FFA UK), online banking fraud – which includes phishing attacks – cost the banking industry £133.5m in 2015. The same report found that there were 16,462 phishing websites targeted against UK banks and building societies in the same year.

How to protect yourself against email fraud

It may not be possible to completely eliminate the threat of email fraud, but there are different precautions you can take.

  • If you think an email might be fraudulent, delete it - don’t open it, don’t reply to it and don’t click on any attachments.
  • If an email from someone you know seems unusual, it might be because their account was hacked and briefly taken over by fraudsters. The message might contain an unfamiliar link with an accompanying greeting, such as “Hey [Your Name] I thought you might find this useful.” If in doubt, contact your friend separately to see if they sent the email.
  • Beware of emails that are not personalised. Many phishing emails will start with ‘Dear Sir/Madam’, because the spammers are sending them out to millions of people. Authentic messages, such as those from your bank, will most often address you by name.
  • Don’t use a link within an email to connect to a site unless you’re absolutely certain who it’s from. These links can lead to phishing websites which look very similar to the real thing. It’s better to open a new window and type the URL in directly. Similarly, never enter your data in a log in box that is embedded in an email.
  • Configure your software correctly. Most email accounts and web browsers will have settings you can adjust to ensure maximum security, and it’s worth taking a little time to get to know them.
  • Beware of time pressure. Reputable organisations probably won’t need you to take urgent action to prevent your account being shut down. This is usually fraudsters trying to panic users into handing over data.
  • Install effective security software and keep all your systems updated regularly.

You should also make sure you use a secure password, and don’t give out personal information on social media or over public Wi-Fi. If you do spot suspicious communications, you can report them to Action Fraud through their online form: http://www.actionfraud.police.uk/report_fraud.

If you are worried about the security of your personal data, your Equifax Credit Report & Score – free for the first 30 days then £14.95 monthly – comes with WebDetect, which alerts you if we find your personal data on websites used by fraudsters.

Related Articles