Email is still one of the most useful tools on the internet — and one of the most dangerous if you are not careful. Here are eight simple rules to keep yourself safe.
Rule 1: Never Click Links in Unexpected Emails
If you receive an email from your bank, Amazon, HMRC, or any organisation asking you to “verify your account”, “confirm your details”, or “log in urgently” — do not click the link.
Instead, go directly to the website by typing the address into your browser. If there is a real issue with your account, you will see it when you log in normally.
Clicking links in emails is the number one way people get their accounts stolen.
Rule 2: Check the Sender’s Email Address
The name shown in an email can be anything — scammers often put “Amazon” or “HMRC” as the display name. Always check the actual email address by clicking on the name.
Real email addresses look like:
- no-reply@amazon.co.uk
- noreply@gov.uk
Fake ones look like:
- amazon@securemail-amazon.net
- hmrc-refund@taxreturnservice.com
- support@amazon.account-verify.online
If the domain (the part after the @) looks strange, it is fake.
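The check in Rule 2 can also be automated, for example in a mail filter. The sketch below is an added example, not part of the original article: it compares the brand a sender claims with the domain the address really uses. The `TRUSTED` table and the function names are assumptions, and the sample headers are constructed from the addresses listed above.

```python
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends from.
# Only the two real domains shown in the article are listed here.
TRUSTED = {"amazon": {"amazon.co.uk"}, "hmrc": {"gov.uk"}}

# Constructed From: headers built from the article's sample addresses.
SAMPLES = [
    "Amazon <no-reply@amazon.co.uk>",
    "HMRC <noreply@gov.uk>",
    "Amazon <amazon@securemail-amazon.net>",
    "HMRC <hmrc-refund@taxreturnservice.com>",
    "Amazon Support <support@amazon.account-verify.online>",
]


def split_sender(from_header):
    """Return (display name, address, domain), lower-casing the last two."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return name, addr.lower(), domain


def is_trusted(domain, trusted):
    """True only if domain equals a trusted domain or ends with '.' + it.

    Matching from the right is the point: 'amazon.account-verify.online'
    starts with the brand name but belongs to 'account-verify.online'.
    """
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def check_sender(from_header):
    """Classify a From: header as 'ok', 'suspicious' or 'unknown'."""
    name, addr, domain = split_sender(from_header)
    if "@" not in addr or not domain:
        return "suspicious"  # no usable address at all
    # Brands named in the display name or anywhere in the address.
    claimed = [b for b in TRUSTED if b in name.lower() or b in addr]
    if not claimed:
        return "unknown"  # no known brand claimed; nothing to compare
    if all(is_trusted(domain, TRUSTED[b]) for b in claimed):
        return "ok"
    return "suspicious"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):<10} {header}")
```

A result of `ok` only means the visible address matches the brand; the From line itself can be forged, so the other rules still apply.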
Rule 3: Do Not Open Attachments You Were Not Expecting
Email attachments — especially .zip, .exe, .doc, or .pdf files — can contain viruses. If you receive a file you were not expecting, even from someone you know, check with them before opening it.
Legitimate organisations rarely send unexpected attachments. Banks, HMRC, and similar bodies will not send you software to install or urgent documents out of the blue.
Rule 4: Be Suspicious of Urgency
Scam emails almost always create a sense of panic:
- “Your account will be closed within 24 hours!”
- “Immediate action required!”
- “You have a tax refund waiting — respond today!”
Real organisations give you reasonable time to respond. If an email demands urgent action, slow down and verify it before doing anything.
Rule 5: Use a Strong Password for Your Email
Your email account is the master key to everything else — because most websites let you reset a password by sending an email. If a scammer gets into your email, they can reset all your other passwords too.
Make sure your email password is:
- Long and unique (not used anywhere else)
- Changed if you ever suspect it was compromised
See our guide: How to Create Strong Passwords
Rule 6: Enable Two-Factor Authentication on Your Email
This is the single most important step you can take. With two-factor authentication, even if someone has your email password, they cannot log in without a code sent to your phone.
See our guide: What is Two-Factor Authentication
Rule 7: Use a Spam Filter
Most email services (Gmail, Outlook, Yahoo Mail) have built-in spam filters that automatically move suspicious emails to a junk folder. Make sure yours is turned on.
Even with a spam filter, some scam emails will get through — so always stay alert.
Rule 8: Do Not Forward Chain Emails
You have probably received emails that say “Forward this to 10 people” or “Warning — share this with everyone”. These are almost always hoaxes or scams designed to collect email addresses.
Delete them without forwarding.
How to Report a Scam Email in the UK
If you receive a suspicious email:
- Forward it to: report@phishing.gov.uk (the UK’s National Cyber Security Centre)
- In Gmail: Click the three dots → “Report phishing”
- In Outlook: Click “Report” → “Report phishing”
Reporting helps authorities shut down scammers and protect others.
Email is safe when you use it carefully. The most important habit to build: before clicking any link or opening any attachment, pause for 10 seconds and ask yourself — “Was I expecting this?”