Being streetwise with your email - how to avoid the Dark Art of Email Scamming

Published on 20 March 2014

Even the most cautious person can fall victim to identity theft and cyber crime through fraudulent emails which are easily hidden amid the flood of messages we get every day.

One of the latest, most serious, email scams will unleash the 'Cryptolocker' virus against unsuspecting victims. These emails are usually sent with a subject line such as 'British Airways Order' or 'Royal Mail Shipping Advisory' and direct recipients to download a .zip file either from a link in the email or from a webpage. Downloading, opening, and running the .exe file inside the .zip file will infect your computer with Cryptolocker.

Cryptolocker encrypts files on the hard drive and any other accessible storage (including your M: drive, and USB sticks). A message will then appear a few days later to demand payment in return for the encryption key. Without the key it is not possible to decrypt your data and it will be lost.

It may be possible to recover files on your M: drive by restoring 'previous versions' - for further information see: http://www.liv.ac.uk/csd/my-files/manage-files/recovering-files/.

This is one of the nastiest email scams at present but there are many others. Email phishing attempts, scams and viruses evolve constantly but here are some tips to avoid them:

1. Don't be tempted to "just click this link"

Scam emails will often encourage you to click on a link within the email, taking you to a web page that may look legitimate but is actually used to collect your login credentials or personal information. The link itself often looks genuine in the email but what the link says and where it actually goes to can be entirely different.

In other cases, at first glance the link looks fine but it may have been slightly altered by adding, omitting or transposing letters, e.g. micosoft.com, mircosoft.com

Tip: Move your mouse to hover over the link (without clicking on the link). Look down in the bottom left of the screen and you should see a preview of the real address of the web page that the link will take you to.
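
The check described in tip 1, written out as an added Python example (not part of the original article): it compares each link's visible text with its real destination and flags destinations within two letter edits of a trusted name. The TRUSTED list, the sample email and all function names are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft.com", "liv.ac.uk"}  # assumption: names your mail normally links to
# Constructed sample: the first link's text shows one domain, its href goes to another.
SAMPLE = ('<a href="http://mircosoft.com/login">www.microsoft.com</a> '
          '<a href="https://www.microsoft.com/">Click here</a>')

def host(url):  # hostname of a URL or bare domain, lower-cased, without "www."
    try:
        h = urlparse(url if "//" in url else "//" + url).hostname or ""
    except ValueError:  # e.g. link text such as "[Click]" is not a hostname
        h = ""
    return h.removeprefix("www.")

def osa_distance(a, b):
    """Number of single-letter additions, omissions, swaps or transpositions."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            real, shown = host(self.href), host(self.text.strip())
            if "." in shown and " " not in shown and shown != real:
                self.findings.append(("mismatch", shown, real))   # says X, goes to Y
            for good in sorted(TRUSTED):
                if 0 < osa_distance(real, good) <= 2:              # near miss of a known name
                    self.findings.append(("lookalike", real, good))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

It compares whole hostnames only, so a lookalike name placed under a subdomain is not flagged.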

2. Never give out personal information

Emails might appear to come from a reputable institution such as the HMRC or a bank and they may ask you to reply, or to visit a webpage, to provide some personal information. No legitimate organisation will ask for your personal details by email – and that includes your bank account, PIN, passwords, or contact details.

3. Check for poor grammar or spelling

Scam artists may be cunning, but poorly written emails with an unusual use of English often give them away. If something is badly phrased, has spelling errors or doesn't make sense, then odds are it is not legitimate.

4. Don't open attachments

Some email scams will have an attachment and ask you to open it. It will almost certainly be a virus. Don’t open attachments if you weren't expecting them, or from someone you don't know - not even if it seems to be from your bank, the government, or a reputable company (e.g. the Royal Mail or Amazon). They rarely send attachments.

5. Watch out for 'red flag' phrases

Alarm bells should ring if you see phrases such as:

  • "verify your account"
  • "if you don't respond within xx hours your account will be closed"
  • "you have won the lottery!"

It is a scam. Delete it.

6. And finally, if you are in any doubt - don't do anything

If you aren't sure about what to do then don't do anything – don't open attachments or follow any links; just contact the Helpdesk for advice or find out more about using Sophos Antivirus. CSD will block scams as soon as possible and will issue announcements to alert you to the latest security risks.

Sign up for CSD announcements or follow us on Twitter @liverpoolcsd for the latest news.

You can also use this handy visual guide for some clues on what to look out for: