Email Scams
Email scams — phishing, impersonation, and fraud delivered to your inbox.
Last reviewed: 1 June 2026
Email remains the single most common channel for scam delivery. From Nigerian-prince advance-fee letters to sophisticated spear-phishing attacks that spoof your bank's exact branding, fraudsters use email because it is ubiquitous, cheap to send at scale, and easy to make look legitimate.
This guide covers the email scam types responsible for the most financial losses, the warning signs in the email itself, and the habits that keep your inbox safe.
Common scams on Email
Phishing for login credentials
Emails mimicking banks, services, or employers link to fake login pages that capture usernames and passwords.
Invoice and payment redirection fraud
Scammers intercept or spoof supplier communications and substitute their own bank details for legitimate payment instructions.
Advance-fee fraud
Emails promise a large sum of money in return for help with a transfer — a small upfront fee keeps being requested until the victim stops paying.
Fake parcel delivery notices
Emails impersonating couriers request a small redelivery fee or customs payment, harvesting card details.
Tech-support phishing
Emails claim an account has been breached or a device is infected and urge immediate action via a phone number or link.
Common red flags
- Sender address that does not match the organisation it claims to be from
- Generic greetings such as 'Dear Customer' from services that know your name
- Urgent language demanding immediate action to avoid account closure or legal consequences
- Links where the displayed text does not match the destination URL
- Attachments you were not expecting, especially .zip, .docx, or .exe files
- Requests for payment-card details, passwords, or one-time codes via email
How to protect yourself
- Hover over links before clicking to check the real destination URL
- Verify unexpected payment requests by calling the sender on a known number — not one from the email
- Enable spam filtering and multi-factor authentication on your email account
- Never open attachments from senders you cannot verify
- Set up DMARC/DKIM records on your own domain to reduce spoofing of your business email
How to report it
- Mark the email as phishing or spam in your email client rather than just deleting it
- Forward phishing emails to your national reporting service (e.g., [email protected] or [email protected])
- Contact your bank immediately if financial details were entered on a linked page
Frequently asked questions
Is it safe to unsubscribe from suspicious emails?
Only if the email is from a legitimate mailing list you signed up to. Clicking 'unsubscribe' in a phishing email can confirm your address is active, leading to more scam attempts. For suspicious emails, mark as spam and delete.