Quick Guide: Is this Email Legit?

With so much communication online, it's often hard to tell what is real and what could be an attempt to steal your information and access secure accounts. Emails from any account relating to payment or sensitive information should be met with scrutiny. Here's a guide to help you determine if an email is legitimate.

Check the Sender’s Email Address

One of the easiest ways to spot a fake email is by looking at the sender's address. Fraudsters often try to mimic official organisations, but their email addresses may look strange. For example, if you receive an email from “Barclays Bank”, the sender’s email should end with something like “@barclays.co.uk”. If it comes from something odd like “barclays-banking123@freeemail.com” or "james@borclays.co.uk", it’s likely a scam. Always look at the part after the “@” symbol—legitimate companies will use official domain names.

Look for Grammar and Spelling Mistakes

If an email has many spelling mistakes, bad grammar, or just doesn’t sound right, it’s a red flag. Scammers often use rushed or poorly written emails to trick people into clicking on links quickly. This is often intentional to target the most vulnerable of people.

Avoid Clicking Suspicious Links

A common trick in fake emails is to include a link that takes you to a fake website designed to steal your information. Hover your mouse over any links in the email (without clicking) to see the actual web address (URL) in the link. If it looks suspicious, like a random string of letters, numbers, or a different domain than you expect (e.g., "hmrc-gov.uk.ru" instead of "gov.uk"), do not click it. It's easy to hide, like this link that looks like it takes you to amazon.co.uk

To be safe, always visit the company’s website directly by typing it into your browser, rather than clicking on links in the email. For example, if HMRC supposedly emailed you, open a new browser tab and type "gov.uk" yourself rather than relying on links in the email.

Be Wary of Urgent Requests

Phishing emails often try to induce panic with messages like “Your account will be locked” or “Immediate action required.” Real companies, especially banks, WILL NOT ask for sensitive information over email. If you're ever in doubt, call the company directly using a number from their official website.

Look at the Attachments

Never open attachments in an email unless you're sure it’s from a legitimate source. Scammers often send attachments with viruses or malware. If you weren’t expecting a document or file from the sender, it's best to avoid opening it and delete the email.

Check the Email Signature

Legitimate emails from companies will often have a signature that includes contact details. If these don't match those listed on their official site (be wary of Google listings that aren't always accurate) then it's probably not legitimate.

If you're concerned about your Cyber Security, CDS can help ensure you have all of the essentials in place, from advice to anti-virus software, plus the best junk mail filters available. Choose CDS for minimal risk, minimal stress, and guaranteed IT success.