Email Scams in 2026

Email is still the workhorse of online fraud. It is cheap to send at scale, it lands directly in a space you trust, and in 2026 it is harder than ever to judge by eye — AI tools have stripped scam emails of the broken grammar and clumsy phrasing that used to give them away. A scam email today can carry your correct name, reference a company you actually use, and read as fluently as a genuine notification.

This page is a map of the scam emails currently circulating in the UK: what each one is trying to do, the guide that breaks each down in detail, what to do if you have already clicked, and exactly where to report it. If you have a specific email open in front of you, jump to the category below that matches it.

How to recognise a scam email

Whatever brand it imitates, almost every scam email leans on the same small set of structural tells:

The sender domain is wrong. The part of the address immediately before the first slash is the only part that cannot be faked. A real HMRC email ends @hmrc.gov.uk; hmrc@refund-gateway.com is not HMRC, however convincing the rest looks.
It manufactures urgency. “Your account will be closed in 24 hours.” “Final demand.” “Immediate action required.” The pressure exists to stop you pausing to check.
The link does not go where the text says. Hover over it on a computer, or long-press it on a phone, and read the real destination before you trust it.
It asks for something no real company asks for by email — a password, a full card number, a one-time security code, or a small “verification” payment.
There is an unexpected attachment — an “invoice”, a “delivery note” or a “document” you were not expecting, which carries the malware.

For the full framework — including the checks that still work now that AI has neutralised the grammar and spelling tells — see how to spot phishing emails.

The email scams hitting UK inboxes in 2026

The scams below are the ones generating the most complaints and the highest losses this year. Each is covered in depth in its own guide.

Delivery and parcel scams

A message claiming a parcel is held pending a small “redelivery” or “customs” fee — usually only a few pounds — designed to harvest your card details rather than to collect the trivial fee. It is the highest-volume scam pattern in the UK and reaches you by both email and text. Genuine carriers charge customs handling on a grey card through your letterbox, never via a link.

Bank and payment scams

Emails imitating your bank or a payment provider, warning of a “suspicious transaction” or a “locked account” and pushing you toward a fake login page. Your real bank investigates fraud inside its own app — it never needs you to confirm anything by email.

HMRC, DWP and government scams

A “tax refund” you can claim, a “tax demand” you must settle, a benefit “suspended” pending verification. Real government departments do not email or text you a link to claim money or pay a debt.

Tech, streaming and shopping account scams

“Your payment failed”, “your subscription is on hold”, “unusual sign-in detected” — emails impersonating the big consumer accounts to capture your login. Always check by typing the provider’s real address yourself, never by following the email’s link.

Energy and telecoms scams

“You are owed an energy rebate”, “your bill could not be processed”, “your account needs verifying”. Government energy-support schemes are applied automatically through your supplier — nobody emails you a link to claim them.

Workplace and business email fraud

The most expensive category per incident. A finance team receives an email that appears to come from a senior colleague or a known supplier, instructing an urgent payment or a change of bank details. Losses routinely run to tens of thousands of pounds per case.

Crypto phishing emails

Emails imitating a wallet or exchange, warning of a “security issue” and steering you to a page that asks for your seed phrase or recovery details. Anyone with your seed phrase has your funds — no legitimate service ever asks for it.

What to do if you have already clicked or replied

Acting in the first hour limits the damage. Work through this in order:

If you entered a password, change it now — on that account and on every other account where you reused it — and turn on two-factor authentication.
If you entered card or bank details, contact your bank straight away using the number on the back of your card. Ask them to stop the card and watch the account. UK reimbursement rules may cover an authorised-push-payment loss — see getting a refund from your bank.
If you opened an attachment, disconnect the device from the internet and run a full security scan. If it is a work device, tell your IT team immediately.
Watch for follow-on fraud. Check your statements and your credit report; consider a CIFAS protective registration if your identity details were exposed.
Report it — see the channels below.

How to report a scam email in the UK

Forward the email to report@phishing.gov.uk — the National Cyber Security Centre’s Suspicious Email Reporting Service. Reports here have driven hundreds of thousands of scam-site takedowns.
Forward scam text messages to 7726 — free on every UK mobile network (the digits spell SPAM).
Forward brand-impersonation emails to the brand’s own abuse address — for example phishing@hmrc.gov.uk, reportphishing@apple.com, stop-spoofing@amazon.com or spoof@paypal.com.
If you lost money or gave away information, report it to Report Fraud on 0300 123 2040 — the UK’s national fraud and cybercrime service. For the full set of channels, see how to report a scam.
Mark the message as phishing or spam in your email app — this trains the filter and helps protect other recipients.

Protect your accounts

Use NordVPN to encrypt your connection when accessing email and sensitive accounts on shared or public networks, reducing the chance of your data being intercepted.

Affiliate disclosure: as a NordVPN partner, ScamSupport may earn a commission if you sign up via this link — this doesn't change our recommendation or the price you pay. Full affiliate policy →

Get NordVPN Protection

Frequently asked questions

What is the most common email scam in the UK in 2026?

Delivery and parcel scams — a message about a held parcel and a small redelivery or customs fee — remain the highest-volume pattern, arriving by both email and text. Fake bank, HMRC and account-security emails follow close behind.

How can I tell if an email is a scam?

Check the sender’s domain — the part immediately before the first slash cannot be faked. Be wary of urgency and threats, hover over links to see the real destination, and never act on a request for a password, card number or security code by email. AI has removed the old grammar tells, so rely on these structural checks.

Where do I report a scam email in the UK?

Forward it to report@phishing.gov.uk, the National Cyber Security Centre’s Suspicious Email Reporting Service. Forward brand-impersonation emails to the brand’s own abuse address as well. If you lost money or gave away information, report it to Report Fraud on 0300 123 2040.

I clicked a link in a scam email — what should I do?

If you entered a password, change it everywhere you used it and turn on two-factor authentication. If you entered card details, call your bank straight away. If you opened an attachment, disconnect the device and run a security scan. Then report the email and watch for follow-on fraud.

Are scam emails getting harder to spot?

Yes. In 2026, AI-written phishing reads fluently and can include your real name and details taken from data breaches. The old grammar and spelling tells are no longer reliable — the sender domain, the link destination and the credential request are.

Can I get my money back after an email scam?

Possibly. If you were tricked into authorising a bank transfer, UK reimbursement rules require banks to consider refunding many such losses. Report it to your bank immediately and see our guide on getting a refund from your bank.

Use the Scam Message Scanner →