A customer in Taunton forwarded me an email last month that made my blood run cold. It looked exactly like it came from her bank, complete with the right logo and colours. But something wasn't right — and she'd spotted it too. Good thing she sent it to me before clicking anything.
I've been helping Somerset businesses with their IT since the mid-1980s, and if there's one thing that's got worse over the years, it's email scams. They're getting cleverer, more convincing, and they're targeting everyone from plumbers in Taunton to B&B owners in Minehead.
Here's what you need to know — and more importantly, what to do when that suspicious email lands in your inbox.
The Three-Second Rule That Could Save Your Business
Before you click anything, hover your mouse over any links in the email. Don't click — just hover. Look at the bottom left of your screen. See that web address that pops up? That's where the link really goes.
If the email claims to be from Lloyds Bank but the link goes to lloyds-security-check.randomwebsite.com, you've got yourself a scam. Real banks use their actual domain — lloydsbank.com. No hyphens, no extra words, no nonsense.
I tell all my customers this simple trick. A café owner in Watchet avoided losing £2,000 earlier this year just by checking where a link really went. The email looked perfect, but the link? Dodgy as a nine-bob note.
91%
of cyber attacks start with a phishing email, according to the UK's National Cyber Security Centre
The Dead Giveaways Scammers Can't Hide
After four decades of looking at emails, I can usually spot a scam in seconds. But you don't need 40 years of experience — just look for these red flags:
They Create Fake Urgency
"Your account will be closed in 24 hours!" Sound familiar? Scammers love urgency because it makes you panic and click without thinking. Real companies don't do this. Your bank won't close your account without proper notice — usually 60 days minimum under UK banking regulations.
The Grammar's Off
Big companies employ teams of people to check their emails. If you spot spelling mistakes or weird grammar, it's probably a scam. I had a customer in Bridgwater who got an email from "Amazone" (with an 'e'). Dead giveaway.
Generic Greetings
Real companies know your name. If an email starts with "Dear Customer" or "Dear Email User", bin it. Your bank knows who you are — they'll use your actual name.
Asking for Information They Should Already Have
HMRC won't email asking for your National Insurance number. Your bank won't ask for your account details. They already have this information. If someone's asking for it, they're not who they claim to be.
Remember: No legitimate UK organisation will ever ask for your password, PIN, or full banking details via email. Ever.
What to Actually Do When You Get a Suspicious Email
Right, you've got a dodgy email. Here's your action plan:
1. Don't Click Anything
Not the links, not the attachments, not even the unsubscribe button. Nothing. I've seen viruses hidden in PDFs that look like invoices, and malware in Word documents pretending to be contracts.
2. Forward It to Me (If You're a Customer)
I tell every customer: if you're not sure, forward it to me. I'll check it for free. Takes me 30 seconds, could save you thousands. That's part of the service when you work with Exmoorweb.
3. Report It Properly
Forward scam emails to report@phishing.gov.uk. This goes straight to the National Cyber Security Centre. They shut down about 50,000 scam websites a month thanks to reports from people like you and me.
4. Check Directly With the Company
If the email claims to be from your bank, don't use any contact details in the email. Go to your bank's website directly (type the address yourself, don't click links) or phone them using the number on your bank card.
5. Delete It
Once you've reported it, delete the email. Don't leave it sitting in your inbox where you might accidentally click it later.
The Scams Hitting Somerset Right Now
I'm seeing specific scams targeting our area. Here's what's doing the rounds:
- Fake Somerset Council emails about council tax refunds or business rates
- Bogus booking confirmations targeting holiday cottages and B&Bs
- Fake invoice scams aimed at tradespeople — "Your invoice is attached"
- TV Licensing emails that aren't from TV Licensing at all
A holiday cottage owner near Exmoor almost fell for a booking scam six months back. The email looked exactly like it came from Booking.com, asking them to "verify their listing". The only thing that saved them? They remembered my advice about checking where links really go.
Why Small Businesses Are Prime Targets
Scammers love targeting small businesses. Why? Because they know you're busy. You're juggling everything from customers to accounts, and you might not have time to double-check every email.
They also know small businesses often don't have IT departments. When I visit customers in places like Williton or Minehead, I'm often the only IT support they have. That's why I make sure everyone knows the basics of staying safe.
Did you know? The average cost of a cyber attack on a UK small business is £8,460, according to the Cyber Security Breaches Survey 2023.
The One Thing That Beats Every Scam
You know what beats every scam going? Being suspicious. If something feels off, it probably is. Your gut instinct is usually right.
I've been in this game since before the internet existed, and I'm still careful with every email I get. There's no shame in being cautious — there's only shame in losing money to scammers who could have been stopped with a bit of healthy suspicion.
Look, I could tell you about firewalls and antivirus software (and yes, you need both), but the best defence against email scams is you. Take three seconds to think before you click. Check where links go. When in doubt, pick up the phone and check.
And if you're ever unsure about an email? Forward it to someone who knows what they're looking at. For my customers across Somerset, that's me. For everyone else, find yourself a trusted IT person who'll take the time to help. Because in my experience, the cost of being careful is nothing compared to the cost of being scammed.
Stay safe out there.
Sources
- National Cyber Security Centre — Official UK government advice on dealing with phishing emails
- Cyber Security Breaches Survey 2023 — UK government statistics on cyber attacks affecting businesses
- Action Fraud — The UK's national reporting centre for fraud and cyber crime
Need Help With Your Website?
Whether you need a new website, a redesign, or help with SEO — I'd love to have a chat about how Exmoorweb can help your business grow online.
Get In TouchNo obligation. No sales pitch. Just honest advice.
About the Author: Marcus Knapman has been working with computers and building websites since the mid-1980s. Based in Somerset, he runs Exmoorweb from Williton — personally visiting customers across Minehead, Watchet, Taunton, Bridgwater, and the wider South West. With a BSc (Hons) and over 40 years of hands-on experience, he combines technical expertise with practical, no-nonsense advice.