What are the signs of a suspicious email or text?

Fraudsters try getting money from organisations by sending fake emails and texts to gain access to their internet banking details. It can be difficult to spot a fraudulent email, but there are things you can check for clues it’s a fraudulent email.

  • Check the sender email address
    Always check the sender’s email address to make sure it’s from the person you think. Fraudsters can change the ‘From’ name so it can look like it’s come from your bank, or a person’s name. If you hover over the name, the sender’s email address should be displayed. If it’s a company email address, an online search of the email address will often tell you if it’s a genuine address.
  • Call the sender
    If you get an unusual request from someone you know, asking you to transfer money or download something onto your computer, and the email address looks genuine, there’s a possibility their email account was hacked. To be safe, it’s best to call them to make sure they sent the email and really made the request.
  • Look for spelling mistakes
    Scam emails can often look odd, with a messy layout and spelling mistakes.

Common email and text scams to look out for:

  • CEO fraud
    Fraudsters email employees pretending to be the owner or CEO of the organisation, asking them to make a payment or transfer.
  • Supplier fraud
    Fraudsters pretend to be your supplier letting you know their payment details have changed.
  • Invoice fraud
    Fraudsters send fake invoices claiming to be from a real business you work with. Sometimes they hack the emails of your supplier to send the invoice, so the email address is genuine, but the payment details are changed to those owned by the fraudster. It’s sensible to call your suppliers on the number on their website to verify their payment details before you pay new account details for the first time.
  • Pretending to be a business
    In these messages, texts or emails, you might be asked to click a link that takes you to a fake website – for example, the website might claim to be the Triodos Bank website (See ‘How to check that a website is genuine’). On this site you could be asked to give your internet banking details. We will never send you a link to the login pages of internet banking.
  • Spyware in links
    Some scam emails ask you to download something onto your computer or network – this could be a link to a website or an attachment. This tool could spy on your computer or lock you out until you pay a ransom or reveal your bank security details.
  • Smishing (fraudulent text messages)
    These are text messages that appear to be from well-known businesses, claiming you need to click the link to update your details. Often the links are disguised with short links – like bitly links, e.g. https://bit.ly/2kwosxu. Tempting as it is to use the link, contact the company using the details on their website to verify that they sent the text, and that it’s safe to click on the link. Fraudsters will impersonate these companies to obtain your valuable information.

Related FAQs

Related how-to guides

How to report business fraud

How to spot and prevent CEO fraud

How to check that an email from Triodos Bank is genuine

How to protect your business from fraud

How to check that a website is genuine

How to apply for a Triodos Bank business loan

How to apply for a Triodos business or charity savings account

Related downloads

Find what you were looking for?

Search our help and support section for more

Go to help and support