5 email scams to watch out for right now

Which? reveals the top five email scams we've seen and how to avoid falling for their tricks
Tali Ramsey

Scam emails with malicious links or dodgy phone numbers continue to be one of the most prevalent methods used by criminals to con victims.

With a quarter of people receiving suspicious emails every day, it’s becoming more difficult to separate genuine emails from those designed by fraudsters.

Below, we detail five email scams to watch out for right now and how you can spot and avoid these emails.

Sign up for scam alerts

Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.

Sign up for scam alerts
Sign up

1. eBay scam email

A scam email impersonating eBay
A scam email impersonating eBay

An email impersonating eBay tells you that your purchase of an Apple iPad Pro costing around £2000 has been confirmed.

It says that the order has been shipped and includes a number to contact immediately if ‘you didn’t place this order’.

This is known as a vishing scam, where fraudsters either call you or get you to call a number while you’re on the phone they attempt to steal your personal information.

Typically, they’ll ask you to confirm some of your account details or, in some cases, scammers will tell you that your device has been compromised and get you to download remote access software. This will then enable the scammers to access to your device to 'help' you. 

2. Pegasus spyware

Google Trends data shows that Google searches for a Pegasus spyware email have spiked in recent days.

The email is an example of a sextortion email, where scammers attempt to blackmail you into handing over cash, usually in Bitcoin, to stop them exposing personal images and videos of you.

The email it’s sent from appears as if it’s sent from your own email address and tells you that Pegasus is a spyware program which has been installed onto your device.

It goes on to say that the sender has access to ‘your webcam, messengers, emails and call records’ and has recorded intimate videos of yourself which they will send to your ‘friends, family and co-workers in a few clicks’.

The scammer includes a link to their Bitcoin wallet and asks for thousands of dollars to delete all the images and videos they have of you. They also claim to be able to monitor all your activity.

This email is intended to incite panic, but there’s no need to worry. Hackers don’t have access to your device so you can safely disregard this email.

3. MetaMask email scam

A scam email impersonating MetaMask
A scam email impersonating MetaMask

Interest in an email supposedly from cryptocurrency wallet MetaMask also spiked in recent days, according to Google Trends data.

The email, titled ‘Immediate Action Required: Suspension Alert', tells you that you need to ‘update your wallet’ to comply with ‘global regulations’.

It also says that you may not be able to access your wallet if this update isn’t performed before a specific date and includes a dodgy link to ‘Update now’.

MetaMask makes it clear that it will never send unsolicited emails as it doesn't hold personal information on its users, including names and email addresses.

4. Royal Mail impersonation

Scam messages impersonating postal services are always a popular phishing method amongst fraudsters and Google searches for emails sent from ‘royalmail@royal-mail-infos.com’ have recently spiked.

These emails tell you that there’s been an ‘unsuccessful delivery attempt’ of your parcel and that you need to pay a small fee for it to be redelivered.

A phishing link in the email will then lead you to a malicious website where your details will be stolen.

5. Life insurance scam

A scam email claiming to offer life insurance
A scam email claiming to offer life insurance

Action Fraud, the UK's fraud reporting centre, recently reported receiving 800 reports of scam emails pretending to be from companies selling life insurance.

These emails are sent from random email addresses and always include a phishing link.

They tell you that if you answer a few questions, you’ll receive quotes from various insurance providers. These emails are designed to steal your personal information.

Spotting and reporting scam emails

All unsolicited emails should be treated with caution and some signs that an email may not be genuine are:

  • The sender's email address not matching the company’s official email address
  • An impersonal greeting
  • URLs that aren’t the company’s official website when you hover over links - avoid clicking these links when you inspect them
  • Out of date information in the body of the email
  • Blurry or unofficial branding
  • Emails which ask for personal information or bank details
  • Poor spelling, grammar and presentation
  • Emails which try hard to be official
  • Emails which claim you need to react urgently

You can report scam emails by forwarding them to report@phishing.gov.uk.

If you've fallen victim to a scam, call your bank immediately using the number on the back of your bank card and report it to Action Fraud or call the police on 101 if you’re in Scotland.

More on this

Related articles