Home > SHAPE Passport > Staying Safe > Online Safety > Identify good and bad emails
Here you can find tips to help you spot the difference between a real, safe emails and a dodgy phishing scam.
If you get an email from a company or service you don’t even use asking you to do something “urgent” or “important,” it’s almost certainly a scam.
For example:
If you don’t have a PayPal account, there’s no reason for PayPal to email you about logging in or fixing a problem.
If you get a message about tracking a parcel or paying an invoice for something you never ordered, it’s not genuine.
Spotting a genuine email is all about checking the details before you click anything. A real email will usually come from an official address (like @sheffcol.ac.uk or @paypal.com), use your actual name, and relate to something you know about — such as a service you’ve signed up for or a purchase you made.
For example, a genuine email from Amazon might come from no-reply@amazon.co.uk (matching their website), not something odd like:
no-reply@amazonmail.net or no-reply@efficaciouscrbays.xyz.
A genuine email about unusual account activity won’t pressure you to log in or share sensitive details. It will simply alert you so you can check for yourself. For example, Google might say, “We’re letting you know a new device signed in — was this you?” rather than, “Sign in urgently to block this device.” If an email demands your password or bank details, it’s a scam.
Emails that start with a generic greeting like “Dear valued customer” instead of your name can be a sign of a fake email. Legit companies usually use your actual name. However, this isn’t always a sure way to tell—sometimes sellers you’ve bought from, like on eBay, might use generic greetings too.
Legitimate emails from large organisations (like Amazon or The Sheffield College) are usually well-written with correct spelling and grammar. Scam emails often contain mistakes because the sender isn’t careful or English isn’t their first language. However, this isn’t fool-proof — even genuine emails can sometimes have errors.
Both real and fake emails can have links. To check if a link is safe, hover your mouse over it to see the full web address. Make sure it leads to the official site—for example, an eBay email should link to something like www.ebay.co.uk/extendedlink
If an email has low-quality or blurry images, it’s likely fake—real companies usually use clear, professional pictures.
If an email offers something that sounds too good to be true or asks for something that doesn’t make sense, it’s almost certainly fake.
For example, if you receive an email from someone who wants to marry you and apparently has a lot of money in an account but inconveniently needs a small amount of money from you in order to be able to access the account, it is definitely not genuine.
Sometimes your email service flags real emails as suspicious or fake by mistake. Here are some examples of what it might do...
Email providers try to catch suspicious emails and put them in the Spam folder, but they don’t always get it right. Sometimes real emails end up in Spam by mistake. Also, you might have set your inbox to send emails from certain addresses to Spam automatically.
SSometimes your email won’t show images right away and asks you to click to download them. This doesn’t mean the email is fake — it happens with many real emails too. Your email does this to save data (like on your phone) and to block images loaded from outside websites, which helps keep you safe. You should be able to turn function off in your settings.
